1
0
mirror of https://github.com/django/django.git synced 2025-01-03 23:16:41 +00:00
Commit Graph

4680 Commits

Author SHA1 Message Date
Natalia
c8d7a5491e Added release date for 4.2.4. 2023-08-01 13:30:05 -03:00
Mariusz Felisiak
c9b9a52edc
Fixed #34750 -- Fixed QuerySet.count() when grouping by unused multi-valued annotations.
Thanks Toan Vuong for the report.
Thanks Simon Charette for the review.

Regression in 59bea9efd2.
2023-08-01 16:16:28 +02:00
Gregor Jerše
10725a3187 Fixed #32820 -- Added aria-invalid="true" to fields with errors.
Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: David Smith <smithdc@gmail.com>
2023-08-01 06:08:04 +02:00
John Parton
fff14736f1 Fixed #34331 -- Added QuerySet.aiterator() support for prefetch_related(). 2023-07-31 21:17:36 +02:00
Simon Charette
4087367ba8 Fixed #34748 -- Fixed queryset crash when grouping by a reference in a subquery.
Regression in dd68af62b2.

Thanks Toan Vuong for the report.
2023-07-29 16:08:20 +02:00
Olivier Tabone
b9473cac65 Fixed #34714 -- Added aget_object_or_404()/aget_list_or_404() shortcuts. 2023-07-24 07:37:54 +02:00
Mariusz Felisiak
02376f1f53
Added missing backticks in docs. 2023-07-21 12:54:38 +02:00
Simon Charette
595a2abb58 Fixed #34701 -- Added support for NULLS [NOT] DISTINCT on PostgreSQL 15+. 2023-07-19 21:42:27 +02:00
Simon Charette
68912e4f6f Fixed #34717 -- Fixed QuerySet.aggregate() crash when referencing window functions.
Regression in 59bea9efd2.

Refs #28477.

Thanks younes-chaoui for the report.
2023-07-19 08:21:33 +02:00
Thomas Chaumeny
89c7454dbd Fixed #34698 -- Made QuerySet.bulk_create() retrieve primary keys when updating conflicts. 2023-07-10 13:17:28 +02:00
Ben Lomax
b7a17b0ea0 Refs #31949 -- Made @vary_on_(cookie/headers) decorators work with async functions. 2023-07-10 11:43:36 +02:00
Ben Lomax
953f81e078 Refs #31949 -- Made @csrf_exempt decorator to work with async functions. 2023-07-10 07:55:02 +02:00
Andrew Northall
6d427288e4 Fixed #34688 -- Removed contrib.sitemaps.ping_google() and ping_google management command.
Thanks Joachim Jablon for the report.

Google has deprecated the sitemap ping endpoint, and will be removing
it in 6 months ~January 2024.
2023-07-10 05:59:35 +02:00
Mariusz Felisiak
2584783f46
Refs #9602 -- Moved AlreadyRegistered/NotRegistered exceptions to django.contrib.admin.exceptions. 2023-07-07 13:22:06 +02:00
Mariusz Felisiak
f64fd47a76
Fixed #9602 -- Added AdminSite.get_model_admin().
This allows retrieving an admin class for the given model class without
using internal attributes.
2023-07-07 08:06:01 +02:00
Gregor Jerše
966ecdd482 Fixed #32819 -- Established relationship between form fields and their help text.
Thanks Nimra for the initial patch.

Thanks Natalia Bidart, Thibaud Colas, David Smith, and Mariusz Felisiak
for reviews.
2023-07-06 08:03:19 +02:00
Mariusz Felisiak
393b8324b3 Added stub release notes for 4.2.4. 2023-07-03 10:33:50 +02:00
Mariusz Felisiak
1d6fbf16f2 Added CVE-2023-36053 to security archive. 2023-07-03 10:19:13 +02:00
Mariusz Felisiak
ad0410ec4f Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:16:55 +02:00
Mariusz Felisiak
953f29f700
Fixed #34572 -- Added support for GDAL 3.7.
Co-authored-by: Michael Howitz <mh@gocept.com>
2023-06-30 06:03:08 +02:00
Akash Kumar Sen
a40b0103bc Fixed #30382 -- Allowed specifying parent classes in force_insert of Model.save(). 2023-06-29 21:52:52 +02:00
Mariusz Felisiak
601ffb0da3
Fixed #34685 -- Dropped support for GEOS 3.6 and 3.7. 2023-06-29 21:45:36 +02:00
Mariusz Felisiak
6a523500af
Fixed #34684 -- Dropped support for GDAL 2.2 and 2.3. 2023-06-29 09:11:30 +02:00
Jon Janzen
5e98959d92 Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients. 2023-06-27 11:17:17 +02:00
Mariusz Felisiak
2360ba2274 Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. 2023-06-26 14:35:13 +02:00
Mariusz Felisiak
370a021780
Refs #34233 -- Bumped minimum supported version of Selenium to 4.8.0.
This bumps minimum supported versions of selenium to the first release
to support Python 3.10.
2023-06-26 14:22:54 +02:00
th3nn3ss
3152f9de47 Refs #31949 -- Made http decorators to work with async functions. 2023-06-26 09:29:04 +02:00
Mariusz Felisiak
650ce96782
Refs #34391 -- Updated asgiref dependency for 5.0 release series. 2023-06-23 21:52:04 +02:00
Jon Janzen
38e391e95f Refs #31949 -- Made @sensitive_variables/sensitive_post_parameters decorators to work with async functions.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-06-23 13:29:40 +02:00
Nick Pope
f8092ee9ad Improved style of n-tuple wording in docs and comments. 2023-06-23 09:29:35 +02:00
Olivier Le Thanh Duong
1b754d638d Fixed #34629 -- Added filtering support to GIS aggregates. 2023-06-16 12:20:13 +02:00
Jacob Rief
1fe0b167af Fixed #34473 -- Fixed step validation for form fields with non-zero minimum value. 2023-06-16 08:38:28 +02:00
Neeraj Kumar
1d9d32389c Fixed #34638 -- Fixed admin change list selected row highlight on editable boolean fields.
Regression in 0aa2f16e63.

Thanks Andrei Shabanski for the report.
2023-06-11 15:01:06 +02:00
Mariusz Felisiak
caf80cb41f
Fixed #34645 -- Restored alignment for admin date/time timezone warnings.
Regression in 96a598356a.
2023-06-09 21:37:23 +02:00
Anders Kaseorg
b81e974e9e Fixed #34604 -- Corrected fallback SQL for n-ary logical XOR.
An n-ary logical XOR Q(…) ^ Q(…) ^ … ^ Q(…) should evaluate to true
when an odd number of its operands evaluate to true, not when exactly
one operand evaluates to true.
2023-06-08 20:41:18 +02:00
devilsautumn
094b0bea2c Fixed #34609 -- Deprecated calling format_html() without arguments. 2023-06-06 14:14:57 +02:00
nessita
e26d1a91d7
Added stub release notes for 4.2.3. 2023-06-05 14:55:23 -03:00
Natalia
0faad01938 Added release date for 4.2.2. 2023-06-05 08:21:56 -03:00
Howard Cox
cd413bd78a Fixed #34621 -- Made admin site header render in <div> tag.
This was problematic for screen reader users because they use headings
to navigate. Having two <h1> is confusing, and the one in the header
wasn’t particularly helpful since it’s the same on all pages.
2023-06-05 11:55:06 +02:00
Mariusz Felisiak
f9936deed1
Fixed #34620 -- Fixed serialization crash on m2m fields without natural keys when base querysets use select_related().
Regression in 19e0587ee5.

Thanks Martin Svoboda for the report.
2023-06-04 20:49:07 +02:00
Simon Charette
2cf76f2d5d Fixed #34612 -- Fixed QuerySet.only() crash on reverse relationships.
Regression in b3db6c8dcb.

Thanks Ian Cubitt for the report.

This also corrected test_inheritance_deferred2() test which was
previously properly defined and marked as an expected failure but was
then wrongly adjusted to mask the lack of support for per-alias
deferral that was fixed by #21204.
2023-06-01 19:50:47 +01:00
Christopher Cave-Ayland
24d56e21c3
Fixed #34616 -- Corrected label examples in 5.0 release notes. 2023-06-01 11:19:11 +01:00
David Sanders
0c1518ee42
Fixed #34590 -- Reverted "Refs #33308 -- Improved adapting DecimalField values to decimal."
This reverts 7990d254b0.

Thanks Marc Odermatt for the report.
2023-05-24 10:59:55 +02:00
Ben Lomax
23abec9192 Refs #31949 -- Made @no_append_slash decorator to work with async functions. 2023-05-23 10:04:41 +02:00
Simon Charette
e5c844d6f2 Fixed #34551 -- Fixed QuerySet.aggregate() crash when referencing subqueries.
Regression in 59bea9efd2.

Refs #28477.

Thanks Denis Roldán and Mariusz for the test.
2023-05-23 06:25:58 +02:00
Simon Charette
2ee01747c3 Refs #34551 -- Fixed QuerySet.aggregate() crash on precending aggregation reference.
Regression in 1297c0d0d7.

Refs #31679.
2023-05-23 06:25:27 +02:00
Sarah Boyce
c3862735cd
Fixed references to django.core.cache in docs. 2023-05-22 14:02:01 +02:00
gtleee
0a324f1b66 Fixed #34588 -- Removed usage of nonexistent stylesheet in the 'Congrats' page.
Regression in d46cc15c51.
2023-05-22 11:05:20 +02:00
Arthur Moreira
061a8a1bd8 Fixed #34577 -- Added escapeseq template filter. 2023-05-22 09:58:03 +02:00
Simon Charette
98f6ada0e2 Fixed #34580 -- Avoided unnecessary computation of selected expressions in SQLCompiler.
Performance regression in 278881e376.

Co-authored-by: David Smith <smithdc@gmail.com>
2023-05-22 05:47:29 +02:00
Ben Lomax
00f5d2d110 Refs #31949 -- Made @xframe_options_(deny/sameorigin/exempt) decorators to work with async functions. 2023-05-20 15:52:00 +02:00
HappyDingning
674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Mariusz Felisiak
c52f4295f2
Fixed #34568 -- Made makemigrations --update respect --name option.
Thanks David Sanders for the report.
2023-05-17 13:14:43 +02:00
Simon Charette
99e5dff737 Fixed #34570 -- Silenced noop deferral of many-to-many and GFK.
While deferring many-to-many and GFK has no effect, the previous
implementation of QuerySet.defer() ignore them instead of crashing.

Regression in b3db6c8dcb.

Thanks Paco Martínez for the report.
2023-05-17 08:06:11 +02:00
Julie Rymer
0ec60661e6 Fixed #34539 -- Restored get_prep_value() call when adapting JSONFields.
Regression in 5c23d9f0c3.
2023-05-16 08:26:41 +02:00
Ian Foote
7414704e88 Fixed #470 -- Added support for database defaults on fields.
Special thanks to Hannes Ljungberg for finding multiple implementation
gaps.

Thanks also to Simon Charette, Adam Johnson, and Mariusz Felisiak for
reviews.
2023-05-12 19:11:40 +02:00
Mariusz Felisiak
72a86ceb33
Fixed #34558 -- Fixed QuerySet.bulk_create() crash with Now() on Oracle. 2023-05-11 18:22:55 +02:00
Mariusz Felisiak
1586a09b79
Fixed #34544 -- Avoided DBMS_LOB.SUBSTR() wrapping with IS NULL condition on Oracle.
Regression in 09ffc5c121.

Thanks Michael Smith for the report.

This also reverts commit 1e4da43955.
2023-05-08 19:34:30 +02:00
Mariusz Felisiak
49830025c9 Added CVE-2023-31047 to security archive. 2023-05-03 15:20:31 +02:00
Mariusz Felisiak
b0d3a5de95 Added stub release notes for 4.2.2. 2023-05-03 15:13:07 +02:00
Mariusz Felisiak
fb4c55d9ec Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field.
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-05-03 13:42:00 +02:00
Mariusz Felisiak
8e2460d599
Fixed #34529, Refs #34525 -- Reduced index operations with Meta.indexes/index_together when optimizing migrations.
This makes squashing migrations an available path for changing
Meta.index_together, which is deprecated, to Meta.indexes.

Follow up to f810325721.
2023-05-03 13:06:19 +02:00
Orhan Hirsch
ea53e7c09f Fixed #34517 -- Avoided connection post_init signal to ImageField without width/height fields. 2023-05-03 06:35:19 +02:00
Paul Brown
3b62d8c83e
Refs #31369 -- Improved hint message in NullBooleanField's deprecation warning. 2023-05-02 15:42:11 -03:00
Mariusz Felisiak
0e444e84f8 Fixed #34515 -- Made LocaleMiddleware prefer language from paths when i18n patterns are used.
Regression in 94e7f471c4.

This reverts commit 94e7f471c4
(refs #34069) and
partly reverts commit 3b4728310a.

Thanks Anthony Baillard for the report.

Co-Authored-By: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2023-05-02 06:04:18 +02:00
Mariusz Felisiak
5a6d4d3bfd
Refs #34118, Refs #34504 -- Added backward incompatibility note about EmailBackend.ssl_context.
Follow up to 2848e5d0ce.
2023-04-28 13:04:08 +02:00
Coen van der Kamp
7bbbadc693 Fixed #34380 -- Allowed specifying a default URL scheme in forms.URLField.
This also deprecates "http" as the default scheme.
2023-04-28 06:58:10 +02:00
Mariusz Felisiak
18a7f2c711 Added stub release notes and release date for 4.2.1, 4.1.9, and 3.2.19. 2023-04-26 08:47:44 +02:00
Mariusz Felisiak
9440f6ba41
Fixed #34512 -- Restored breadcrumbs on admin app index view.
Thanks Adam (ataylor32) for the report.

Regression in 872b61193b.
2023-04-26 08:36:56 +02:00
Ben Lomax
4dfc6ff8a8 Refs #31949 -- Made @never_cache and @cache_control() decorators to work with async functions.
Thanks Carlton Gibson and Mariusz Felisiak for reviews.
2023-04-25 10:08:03 +02:00
Andreas Dickow
c24cd6575f Updated admin's XRegExp to 5.1.1. 2023-04-25 09:30:52 +02:00
Mariusz Felisiak
92537e83c1
Fixed #34506 -- Fixed margin of ClearableFileInput in admin CSS.
Regression in 96a598356a.
2023-04-21 19:49:59 +02:00
David Wobrock
8b1ff0da4b Refs #16055 -- Deprecated get_joining_columns()/get_reverse_joining_columns() methods. 2023-04-18 12:46:27 +02:00
sarahboyce
594fcc2b74 Fixed #22569 -- Made ModelAdmin.lookup_allowed() respect get_list_filter().
Thank you Simon Meers for the initial patch.
2023-04-17 14:09:38 +02:00
Tim Graham
2c4dc64760 Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
Scott Macpherson
53aee470d5 Fixed #34486 -- Fixed DatabaseOperations.compose_sql() crash with no existing database connection on PostgreSQL.
Regression in 09ffc5c121.
2023-04-14 10:11:33 +02:00
nessita
813015d67e
Fixed #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates and interval less than 1 day.
Regression in 8d67e16493.

Thanks Lorenzo Peña for the report.
2023-04-13 13:16:33 -03:00
Mariusz Felisiak
173034b005 Refs #34482 -- Reverted "Fixed #32969 -- Fixed pickling HttpResponse and subclasses."
This reverts commit d7f5bfd241.

Thanks Márton Salomváry for the report.
2023-04-12 18:52:43 +02:00
Mariusz Felisiak
280ca147af Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling HttpRequest and subclasses."
This reverts commit 6220c445c4.

Thanks Adam Johnson and Márton Salomváry for reports.
2023-04-12 18:52:43 +02:00
Marcelo Galigniana
dfc720c521 Fixed #27505 -- Allowed customizing Paginator's error messages. 2023-04-12 14:02:28 +02:00
sarahboyce
3b4728310a Fixed #34455 -- Restored i18n_patterns() respect of prefix_default_language argument when fallback language is used.
Regression in 94e7f471c4.

Thanks Oussama Jarrousse for the report.
2023-04-10 08:49:54 +02:00
Mariusz Felisiak
5b8a043bf5
Fixed #34470 -- Enforced UTF-8 encoding on PostgreSQL.
Regression in 6a21658163.
2023-04-07 10:11:41 +02:00
Anders Kaseorg
73cbb372ba Fixed #34466 -- Reallowed setting cursor_factory in DATABASES["options"] on PostgreSQL.
Regression in 09ffc5c121.
2023-04-07 08:02:34 +02:00
Simon Charette
9daf8b4109 Fixed #34464 -- Fixed queryset aggregation over group by reference.
Regression in 59bea9efd2.

Refs #28477.

Thanks Ian Cubitt for the report.
2023-04-07 06:57:32 +02:00
Mariusz Felisiak
4bf4222010 Fixed #34459 -- Fixed SearchVector() crash for parameters with % symbol.
Thanks Patryk Zawadzki for the report.

Regression in 09ffc5c121.
2023-04-06 13:32:47 +02:00
Mariusz Felisiak
fdf0a367bd Added release date for 4.1.8. 2023-04-05 06:09:31 +02:00
Simon Charette
87c63bd8df Fixed #34458 -- Fixed QuerySet.defer() crash on attribute names.
Thanks Andrew Cordery for the report.

Regression in b3db6c8dcb.
2023-04-05 05:38:10 +02:00
David Sanders
ff9ceed32b Refs #34434 -- Added note about breaking changes in psycopg version 3 to release notes. 2023-04-04 16:30:15 +02:00
th3nn3ss
1d1ddffc27 Fixed #33738 -- Allowed handling ASGI http.disconnect in long-lived requests. 2023-04-03 14:01:48 +02:00
Mariusz Felisiak
4e4eda6d6c Added stub release notes for 4.2.1. 2023-04-03 11:17:54 +02:00
Mariusz Felisiak
8adbab49e1 Finalized release notes for Django 4.2. 2023-04-03 09:00:23 +02:00
Mariusz Felisiak
7330408ac3
Reverted "Refs #31949 -- Enabled @sensitive_variables to work with async functions."
This reverts commits 23cbed2187 and
203a15cadb.
2023-03-30 10:22:23 +02:00
David Smith
cad376f844 Fixed #34077 -- Added form field rendering. 2023-03-24 10:16:30 +01:00
David Wobrock
d6b6e5d0fd Fixed #28553 -- Fixed annotation mismatch with QuerySet.values()/values_list() on compound queries.
Co-authored-by: Matthias Kestenholz <mk@feinheit.ch>
2023-03-24 06:09:27 +01:00
Jon Janzen
23cbed2187
Refs #31949 -- Enabled @sensitive_variables to work with async functions. 2023-03-22 10:21:04 +01:00
T. Franzel
a2eaea8f22 Fixed #34388 -- Allowed using choice enumeration types directly on model and form fields. 2023-03-21 19:44:41 +01:00
Mariusz Felisiak
e10c1688f9
Fixed #34322 -- Made ES module support to ManifestStaticFilesStorage optional.
Co-authored-by: Author: Claude Paroz <claude@2xlibre.net>
2023-03-18 14:05:41 +01:00
sarahboyce
d2b688b966 Fixed #1873 -- Handled multi-valued query parameters in admin changelist filters. 2023-03-16 08:38:44 +01:00
Mariusz Felisiak
18473004af
Fixed #34395 -- Updated admin's jQuery to 3.6.4. 2023-03-09 08:55:08 +01:00
nabil-rady
32d4b61c31 Fixed #34370 -- Added integer fields validation as 64-bit on SQLite. 2023-03-08 11:52:57 +01:00
David Wobrock
2396933ca9 Fixed #34384 -- Fixed session validation when rotation secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen
e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
Jon Janzen
e83a88566a Fixed #32172 -- Adapted signals to allow async handlers.
co-authored-by: kozzztik <kozzztik@mail.ru>
co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2023-03-07 08:39:25 +01:00
Mariusz Felisiak
9a07999aef Added stub release notes for 4.1.8. 2023-03-06 17:31:26 +01:00
Ivan Sagalaev
a4205076a5
Fixed typo in docs/releases/5.0.txt. 2023-03-05 14:01:19 +01:00
sarahboyce
868e2fcdda Fixed #32539 -- Added toggleable facet filters to ModelAdmin.
Thanks Carlton Gibson, Simon Willison, David Smith, and Mariusz
Felisiak for reviews.
2023-03-03 20:24:57 +01:00
django-bot
14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28 12:21:37 +01:00
Xavier Fernandez
5b3d3e400a Fixed #34338 -- Allowed customizing code of ValidationError in BaseConstraint and subclasses. 2023-02-23 10:58:20 +01:00
Xavier Fernandez
ad18a0102c Fixed #34355 -- Deprecated passing positional arguments to BaseConstraint. 2023-02-22 09:37:58 +01:00
Tim Graham
31cd2852cb
Moved DatabaseIntrospection.get_table_description() internal_size release note to "Database backend API" section. 2023-02-22 05:17:02 +01:00
Durval Carvalho
85366fbca7 Fixed #34045 -- Improved accessibility of selecting items in admin changelist.
This adds "aria-label".
2023-02-16 08:29:40 +01:00
tschilling
c5808470aa Fixed #34280 -- Allowed specifying different field values for create operation in QuerySet.update_or_create(). 2023-02-14 11:50:35 +01:00
Carlton Gibson
ecafcaf634 Added CVE-2023-24580 to security archive. 2023-02-14 09:52:30 +01:00
Markus Holtermann
85ac33591c Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-14 08:18:40 +01:00
Sota Tabu
3e9d413231 Fixed #34318 -- Added release note for 4bfe8c0eec. 2023-02-13 11:59:11 +01:00
Carlton Gibson
534ac48297 Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
Jacob Rief
473283d241
Fixed #34303 –- Allowed customizing admin site log entry list.
Added AdminSite.get_log_entries() as an override point and made this
available to the template via each_context().
2023-02-08 18:37:32 +01:00
Mariusz Felisiak
2fd755b361
Fixed #34319 -- Fixed Model.validate_constraints() crash on ValidationError with no code.
Thanks Mateusz Kurowski for the report.

Regression in 667105877e.
2023-02-08 16:38:55 +01:00
Bakdolot
5f3c7b7e1d
Fixed #34317 -- Renamed "instance" argument of BaseModelFormSet.save_existing() method. 2023-02-07 14:18:58 +01:00
Carlton Gibson
fb77be9ae1 Fixed typo in release notes. 2023-02-07 10:11:01 +01:00
Carlton Gibson
7e003428f9 Added stub release notes for 4.0.10 and 3.2.18.
Set date for 4.1.7 release.
2023-02-07 10:08:21 +01:00
Mariusz Felisiak
5e9aded33f
Increased the default PBKDF2 iterations for Django 5.0.
Follow up to 9a1848f48c.
2023-02-04 13:37:44 +01:00
Mariusz Felisiak
f3c89744cc Added stub release notes for 4.1.7. 2023-02-01 13:18:34 +01:00
Mariusz Felisiak
36e3eef7d5 Added CVE-2023-23969 to security archive. 2023-02-01 12:09:03 +01:00
Nick Pope
8c660fb592 Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:44:04 +01:00
Mariusz Felisiak
2b1242abb3
Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e.
2023-01-26 09:31:40 +01:00
Mariusz Felisiak
882f99031e
Moved release note about the default PBKDF2 iterations into django.contrib.auth section.
Thanks Tim Graham for the report.
2023-01-25 22:25:29 +01:00
Carlton Gibson
d8e1442ce2 Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 12:26:00 +01:00
Carlton Gibson
1df963ad24 Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 11:57:04 +01:00
Niccolò Mineo
79c298c9ce Fixed #34266 -- Added ClosestPoint GIS database functions. 2023-01-20 08:13:43 +01:00
Mariusz Felisiak
b209518089
Refs #32339 -- Deprecated transitional form renderers. 2023-01-18 11:08:39 +01:00
Mariusz Felisiak
3bbe22dafc
Fixed #34233 -- Dropped support for Python 3.8 and 3.9. 2023-01-18 09:46:01 +01:00
John Whitlock
d547171183
Fixed typo in docs/releases/4.2.txt. 2023-01-17 19:27:51 +01:00
Mariusz Felisiak
2785e121c7
Doc'd that 4.2 is LTS. 2023-01-17 19:24:31 +01:00
Mariusz Felisiak
a209f66259
Removed remaining empty sections from 4.2 release notes.
Follow up to 772cd2b15b.
2023-01-17 14:05:32 +01:00
Sébastien Corbin
e2964fed17
Fixed #34264 -- Moved release note about session cookies into error reporting section. 2023-01-17 13:08:42 +01:00
Mariusz Felisiak
4fc711a108 Increased the default PBKDF2 iterations for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
94ad46e9d8 Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
98756c685e Refs #32339 -- Changed default form and formset rendering style to div-based.
Per deprecation timeline.

This also removes "django/forms/default.html" and
"django/forms/formsets/default.html" templates.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8 Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ce7b4f39e3 Refs #27674 -- Removed django.contrib.gis.admin.OpenLayersWidget per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
71d1203b07 Refs #33348 -- Removed support for passing response object and form/formset name to SimpleTestCase.assertFormError()/assertFormSetError().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
d6816bff73 Refs #32365 -- Removed django.utils.timezone.utc per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952 Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4d78d7338c Refs #31486 -- Removed ability to pass unsaved model instances to related filters.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
1391356276 Refs #29984 -- Made QuerySet.iterator() without chunk_size raise ValueError after prefetch_related().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b119f4329c Refs #29708 -- Removed PickleSerializer per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23c8787439 Refs #33348 -- Removed support for passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00