mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity
33,926 Commits 30 Branches 463 Tags
5bd775703c361d05458f1d81684500705d0f51ea
Commit Graph

5149 Commits

Author SHA1 Message Date
Mariusz Felisiak
5bd775703c Fixed #36623 -- Dropped support for PostgreSQL 14 and PostGIS 3.1. 2025-10-03 17:12:57 -04:00
Mariusz Felisiak
1499c95d99 Rewrapped security archive at 79 chars. 2025-10-01 16:24:00 -04:00
Jacob Walls
43d84aef04 Added CVE-2025-59681 and CVE-2025-59682 to security archive. 2025-10-01 10:39:02 -04:00
Jacob Walls
1324d9037e Added stub release notes for 5.2.8. 2025-10-01 10:30:45 -04:00
Sarah Boyce
924a0c092e Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract(). 
Thanks stackered for the report.

Follow up to 05413afa8c.
 2025-10-01 08:12:07 -04:00
Mariusz Felisiak
41b43c74bd Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. 
Thanks sw0rd1ight for the report.

Follow up to 93cae5cb2f.
 2025-10-01 08:11:45 -04:00
Jacob Walls
6c82b0bc91 Made cosmetic edits to 5.2.7 release notes. 2025-09-30 16:31:01 -04:00
Adam Johnson
8b241f84e2 Fixed #36614 -- Deprecated QuerySet.values_list(flat=True) without a field. 
Thanks to Jacob Walls and Simon Charette for their input.

co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2025-09-30 08:46:28 +02:00
John Parton
1820d35b17 Fixed #36605 -- Added support for QuerySet.in_bulk() after .values() or .values_list(). 
co-authored-by: Adam Johnson <me@adamj.eu>
co-authored-by: Simon Charette <charette.s@gmail.com>
 2025-09-25 08:51:43 -04:00
Mariusz Felisiak
00174507f8 Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. 2025-09-24 11:39:07 -04:00
Adam Johnson
f2e0219867 Refs #36163 -- Removed currentmodule directive from 6.0 release notes. 2025-09-24 13:06:00 +02:00
Adam Johnson
2e870c6071 Refs #36163 -- Removed duplicated release note paragraph. 2025-09-24 13:06:00 +02:00
Tim Graham
1acb00b26d Fixed #36616 -- Added DatabaseOperations.adapt_durationfield_value(). 2025-09-23 18:36:49 +02:00
Jean Patrick Prenis
9af8225117 Fixed #36609 -- Added Haitian Creole (ht) language. 
Thanks Rebecca Conley for the review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2025-09-23 08:04:13 +02:00
David Smith
e20e189045 Refs #33783 -- Added IsEmpty GIS database function and __isempty lookup on SpatiaLite. 2025-09-22 22:04:42 -04:00
Adam Johnson
74a9c2711c Refs #28586 -- Split descriptor from GenericForeignKey. 
This makes GenericForeignKey more similar to other fields which act as
descriptors, preparing it to add “fetcher protocol” support in a clear and
consistent way.
 2025-09-18 19:44:16 -04:00
Natalia
4840ab0965 Updated translations from Transifex. 
Forwardport of 2a2936c3e6 from stable/5.2.x.
 2025-09-18 09:53:05 -03:00
Jacob Walls
b83204a06e Increased the default PBKDF2 iterations for Django 6.1. 2025-09-17 15:17:05 -03:00
Jacob Walls
0655d958bd Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing aprocess_request(). 
Per deprecation timeline.
 2025-09-17 15:17:05 -03:00
Jacob Walls
7d7e5cd055 Refs #35444 -- Removed contrib.postgres aggregates ordering kwarg per deprecation timeline. 2025-09-17 15:17:05 -03:00
Jacob Walls
32e266dc5b Refs #35530 -- Removed request.user or auser() fallback in auth.login and auth.alogin. 
Per deprecation timeline.
 2025-09-17 15:17:05 -03:00
Jacob Walls
a146fe2930 Refs #22712 -- Removed all parameter from django.contrib.staticfiles.finders.find(). 
Per deprecation timeline.
 2025-09-17 15:17:05 -03:00
Jacob Walls
1db79d8acf Added stub release notes for 6.1. 2025-09-17 15:17:05 -03:00
Natalia
154aa62e6f Made cosmetic edits to docs/releases/6.0.txt. 2025-09-17 14:20:40 -03:00
Natalia
eae8cc4201 Removed empty sections from 6.0 release notes. 2025-09-17 14:20:40 -03:00
antoliny0919
1e7728888d Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget chosen labels in TabularInlines. 
Regression in a0f50c2a48.
 2025-09-17 09:56:01 +02:00
Jake Howard
4289966d1b Fixed #35859 -- Added background Tasks framework interface. 
This work implements what was defined in DEP 14
(https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst).

Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce,
Jacob Walls, and Natalia Bidart for the reviews.
 2025-09-16 17:28:32 -03:00
GappleBee
218f69f05e Fixed #28041 -- Added Lexeme expression to contrib.postgres.search. 
This expression automatically escapes its input and allows
fine-grained control over prefix matching and term weighting
via logical combinations.

Thanks Mariusz Felisiak, Adam Zapletal, Paolo Melchiorre,
Jacob Walls, Adam Johnson, and Simon Charette for reviews.

Co-authored-by: joetsoi <joetsoi@users.noreply.github.com>
Co-authored-by: Karl Hobley <karl@kaed.uk>
Co-authored-by: Alexandr Tatarinov <tatarinov1997@gmail.com>
 2025-09-16 15:09:11 -04:00
Simon Charette
94680437a4 Fixed #27222 -- Refreshed model field values assigned expressions on save(). 
Removed the can_return_columns_from_insert skip gates on existing
field_defaults tests to confirm the expected number of queries are
performed and that returning field overrides are respected.
 2025-09-14 00:27:50 +02:00
Simon Charette
55a0073b3b Refs #27222 -- Refreshed GeneratedFields values on save() initiated update. 
This required implementing UPDATE RETURNING machinery that heavily
borrows from the INSERT one.
 2025-09-14 00:27:49 +02:00
Mridul Dhall
e183d6c26c Fixed #36597 -- Corrected directives for functions from email module in docs. 
Thanks Mike Edmunds for the report.
 2025-09-12 18:51:52 +02:00
Carlton Gibson
892a45d642 Refs #36410 -- Added link to migration guide for template-partials. 2025-09-08 15:29:58 +02:00
Mike Edmunds
0231f71d31 Fixed #36524 -- Enabled docs cross references to EmailMessage methods. 
Updated docs for class django.core.mail.EmailMessage to use Sphinx
`method::` directives, allowing cross references to those methods
elsewhere in the docs.

Updated references to those methods in the email docs and 6.0 release
notes to link directly to the specific methods.
 2025-09-05 15:56:16 -04:00
Tim Graham
2a636118da Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. 2025-09-05 10:43:10 -04:00
Adam Johnson
0ddbe12ea9 Refs #36121 -- Fixed location of release note. 2025-09-05 08:17:02 -04:00
Mariusz Felisiak
686a8a62ae Added missing backticks in docs/releases/security.txt. 2025-09-04 11:10:09 +02:00
Sarah Boyce
f0c05a40d2 Added CVE-2025-57833 to security archive. 2025-09-03 15:26:45 +02:00
Sarah Boyce
ab7c7dd99b Added stub release notes for 5.2.7. 2025-09-03 15:20:37 +02:00
Jake Howard
5171171709 Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in column aliases. 
Thanks Eyal Gabay (EyalSec) for the report.
 2025-09-03 13:10:58 +02:00
Sarah Boyce
d044e25dc2 Made cosmetic edits to 5.2.6 release notes. 2025-09-03 12:15:01 +02:00
사재혁
e427e6b19b Refs #35967 -- Removed deprecation note from backwards incompatible changes in 6.0 release notes. 
Signed-off-by: SaJH <wogur981208@gmail.com>
 2025-09-01 21:31:21 +02:00
Clifford Gama
6c37a2fbb2 Removed outdated deprecation note in 6.0 release notes. 2025-08-31 08:18:23 +02:00
Jacob Walls
a627194567 Refs #36485 -- Corrected docs linter to detect too-long lines at file end. 2025-08-29 17:35:50 -04:00
SaJH
bb7a7701b1 Fixed #36431 -- Returned tuples for multi-column ForeignObject in values()/values_list(). 
Thanks Jacob Walls and Simon Charette for tests.

Signed-off-by: SaJH <wogur981208@gmail.com>
 2025-08-29 15:33:44 -04:00
Rob Hudson
550822bcee Fixed #36532 -- Added Content Security Policy view decorators to override or disable policies. 
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2025-08-28 17:23:48 -03:00
Simon Charette
292b9e6fe8 Refs #27222 -- Adapted RETURNING handling to be usable for UPDATE queries. 
Renamed existing methods and abstractions used for INSERT … RETURNING
to be generic enough to be used in the context of UPDATEs as well.

This also consolidates SQL compliant implementations on
BaseDatabaseOperations.
 2025-08-28 20:44:21 +02:00
Adam Johnson
56955636e6 Ensured :doc: role uses absolute targets in docs. 2025-08-28 13:48:32 -03:00
SaJH
3c0c54351b Fixed #36570 -- Removed unnecessary :py domain from documentation roles. 
Signed-off-by: SaJH <wogur981208@gmail.com>
 2025-08-28 08:52:43 +02:00
Sarah Boyce
4c71e33440 Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. 2025-08-27 16:01:20 +02:00
Sarah Boyce
d0e4dd5cdd Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." 
This reverts commit 0246f47888.
 2025-08-27 10:50:50 +02:00