Aymeric Augustin
12576bd371
Refactored out RedirectURLMixin.get_redirect_url().
...
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.
This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
2022-04-20 10:04:29 +02:00
Carlton Gibson
bf7c51a5f4
Fixed #33639 -- Enabled cached template loader in development.
2022-04-19 12:13:27 +02:00
Carlton Gibson
deedf5bbc3
Refs #31169 -- Added release note for parallel test running changes.
2022-04-14 12:38:31 +02:00
Florian Apolloner
2eea361eff
Fixed #30511 -- Used identity columns instead of serials on PostgreSQL.
2022-04-13 21:51:51 +02:00
Mariusz Felisiak
b54fd0e36e
Added stub release notes for 4.0.5.
2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78eeff8d33
Added CVE-2022-28346 and CVE-2022-28347 to security archive.
2022-04-11 10:32:22 +02:00
Mariusz Felisiak
6723a26e59
Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos
62739b6e26
Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
...
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Carlton Gibson
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers.
2022-04-07 07:05:59 +02:00
sarahboyce
65effbdb10
Fixed #33471 -- Made AlterField operation a noop when changing "choices".
...
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
Baptiste Mispelon
50e1e7ef8e
Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
...
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak
78277faafd
Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
2022-04-04 10:31:57 +02:00
David
c8459708a7
Refs #32339 -- Added use_fieldset to Widget.
2022-03-30 16:28:14 +02:00
Mariusz Felisiak
fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
...
Thanks lind-marcus for the report.
This reverts commit 0c71e0f9cf.
Regression in 0c71e0f9cf.
2022-03-30 07:31:56 +02:00
Carlton Gibson
59ab3fd0e9
Refs #32365 -- Deprecated django.utils.timezone.utc.
2022-03-29 14:47:44 +02:00
Alokik Vijay
baf9604ed8
Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
...
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
Mariusz Felisiak
83c803f161
Updated Oracle docs links to Oracle 21c.
2022-03-29 09:41:57 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
adontz
2bee0b4328
Fixed #7497 -- Allowed overriding the order of apps and models in admin.
2022-03-25 10:33:44 +01:00
Mariusz Felisiak
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
Thomas Schmidt
1cf60ce601
Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value.
2022-03-23 19:33:36 +01:00
Mariusz Felisiak
39ae8d740e
Added missing backticks to function names.
2022-03-17 11:10:03 +01:00
Mariusz Felisiak
be80aa55ec
Removed outdated handling of length parameter to If-Modified-Since header.
...
The length parameter is not described in RFC-7232 and it's against
HTTP/1.0 and HTTP/1.1 specifications. It was an old and unofficial
extension set by some ancient versions of IE.
2022-03-15 13:07:44 +01:00
Mariusz Felisiak
6ffe48b8e4
Moved log_response() release notes into backwards incompatible changes section.
...
Follow up to 90cf963264.
2022-03-11 22:16:46 +01:00
Adrian Torres
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
David Smith
67b5f506a6
Changed some words to use inline markup.
2022-03-10 10:18:31 +01:00
Luke Plant
ae2da5ba65
Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the max_age argument.
2022-03-07 07:57:14 +01:00
Ryan Heard
c6b4d62fa2
Fixed #29865 -- Added logical XOR support for Q() and querysets.
2022-03-04 12:55:37 +01:00
Carlton Gibson
9652a118ce
Added stub release notes for Django 4.0.4.
2022-03-01 09:58:35 +01:00
Carlton Gibson
47143e27d4
Updated release date for version 4.0.3.
2022-03-01 09:32:18 +01:00
Mariusz Felisiak
445b075def
Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
...
Regression in de95c82667.
Thanks David Glenck for the report.
2022-03-01 08:09:58 +01:00
Albert Defler
2b6a3baebe
Fixed #31486 -- Deprecated passing unsaved objects to related filters.
...
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-25 07:51:37 +01:00
Shubh1815
11cc227344
Fixed #33267 -- Added link to related item to related widget wrapper in admin.
2022-02-25 06:33:05 +01:00
Claude Paroz
eabc22f919
Fixed #33328 -- Transformed formset:added/removed to native JS events.
2022-02-23 10:33:07 +01:00
David Wobrock
7c318a8bdd
Fixed #27844 -- Added optimizemigration management command.
2022-02-22 10:30:40 +01:00
Albert Defler
7ba6ebe914
Fixed #19580 -- Unified behavior of reverse foreign key and many-to-many relations for unsaved instances.
2022-02-22 09:16:40 +01:00
Theo Alexiou
659d2421c7
Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects.
2022-02-21 10:11:26 +01:00
Hasan Ramezani
9ac3ef59f9
Fixed #33379 -- Added minimum database version checks.
...
Thanks Tim Graham for the review.
2022-02-18 13:37:49 +01:00
Mariusz Felisiak
1e2e1be02b
Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
...
Thanks Chris Lee for the report.
Regression in 4328970780.
Refs #23916.
2022-02-16 21:09:24 +01:00
Carlton Gibson
d113b5a837
Refs #33476 -- Made management commands use black.
...
Run black on generated files, if it is available on PATH.
2022-02-11 12:23:26 +01:00
Theo Alexiou
f9ec777a82
Fixed #26287 -- Added support for addition operations to SimpleLazyObject.
2022-02-10 11:24:51 +01:00
Claude Paroz
4c76ffc2d6
Fixed #29490 -- Added support for object-based Media CSS and JS paths.
2022-02-10 08:48:27 +01:00
Carlton Gibson
ba94488196
Refs #33476 -- Adjusted docs and config files for Black.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-02-07 20:36:04 +01:00
David Smith
770d3e6a4c
Fixed typo in release notes.
2022-02-02 07:17:57 +01:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Mariusz Felisiak
ba4a6880d1
Added stub release notes for 4.0.3.
2022-02-01 09:10:20 +01:00
Mariusz Felisiak
9e0df0d6dd
Added CVE-2022-22818 and CVE-2022-23833 to security archive.
2022-02-01 08:17:25 +01:00
Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078
Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
...
Thanks Keryn Knight for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00