mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-10 04:39:13 +00:00
Code Issues 32 Releases Wiki Activity
27,060 Commits 29 Branches 451 Tags
Commit Graph

27060 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mariusz Felisiak
5c3300027b [2.2.x] Bumped version for 2.2.28 release. 2.2.28 2022-04-11 09:25:38 +02:00
Mariusz Felisiak
29a6c98b4c [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
 2022-04-11 09:23:12 +02:00
Mariusz Felisiak
2c09e68ec9 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
 2022-04-11 09:22:17 +02:00
Mariusz Felisiak
8352b98e46 [2.2.x] Added stub release notes for 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:55:50 +02:00
Mariusz Felisiak
2801f29dad [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 
This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40.
Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main
 2022-03-26 12:29:29 +01:00
Mariusz Felisiak
e03648f09c [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 
See https://github.com/pallets/jinja/pull/1621.
Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main
 2022-03-25 08:54:13 +01:00
David Smith
9d13d8c10b [2.2.x] Fixed typo in release notes. 
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main.
 2022-02-02 07:20:28 +01:00
Mariusz Felisiak
047ece3014 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
 2022-02-01 08:54:34 +01:00
Mariusz Felisiak
2427b2fee3 [2.2.x] Post-release version bump. 2022-02-01 08:10:18 +01:00
Mariusz Felisiak
e541f2d05b [2.2.x] Bumped version for 2.2.27 release. 2.2.27 2022-02-01 08:07:46 +01:00
Mariusz Felisiak
c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
 2022-02-01 07:57:28 +01:00
Markus Holtermann
c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-02-01 07:56:29 +01:00
Mariusz Felisiak
4cafd3aacb [2.2.x] Added stub release notes 2.2.27. 
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
 2022-01-25 07:29:28 +01:00
Carlton Gibson
77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 
Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
 2022-01-04 11:39:54 +01:00
Carlton Gibson
e085d46e4b [2.2.x] Post-release version bump. 2022-01-04 10:36:12 +01:00
Carlton Gibson
44e7cca623 2.2.x] Bumped version for 2.2.26 release. 2.2.26 2022-01-04 10:30:01 +01:00
Florian Apolloner
4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:20:31 +01:00
Florian Apolloner
c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:20:31 +01:00
Florian Apolloner
2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:20:31 +01:00
Carlton Gibson
03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release. 2021-12-28 10:10:15 +01:00
Mariusz Felisiak
b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 
Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6.
Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main
 2021-12-15 18:56:38 +01:00
Mariusz Felisiak
573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive. 
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
 2021-12-07 08:56:25 +01:00
Mariusz Felisiak
8439938602 [2.2.x] Post-release version bump. 2021-12-07 07:05:38 +01:00
Mariusz Felisiak
79d8dcefb2 [2.2.x] Bumped version for 2.2.25 release. 2.2.25 2021-12-07 07:03:33 +01:00
Florian Apolloner
7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
 2021-12-07 07:02:14 +01:00
Mariusz Felisiak
0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds. 
Backport of 0cf2d48ba83543b16bdf390d941eb98e8d34f3bd from stable/3.2.x.
 2021-11-30 12:12:07 +01:00
Mariusz Felisiak
fac0fdd95d [2.2.x] Added stub release notes for 2.2.25. 
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main.
 2021-11-30 11:31:56 +01:00
Mariusz Felisiak
4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. 
See dd2ff3e911.
Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main
 2021-11-18 13:33:29 +01:00
Adam Johnson
5289fcfffe [2.2.x] Configured Read The Docs to build all formats. 
`all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable?
Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main
 2021-11-18 12:25:47 +01:00
Carlton Gibson
9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 
This pins Sphinx version, because the default Sphinx version used by
RTD is not compatible with Python 3.8+.

This also, sets Python 3.8 for RTD builds which is compatible with all
current versions of Django.

Thanks to Mariusz Felisiak for the suggestion.

Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main.
 2021-11-03 19:05:19 +01:00
Carlton Gibson
029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. 
Co-authored-by: Andrew Neitsch <andrew@neitsch.ca>

Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main
 2021-11-03 19:04:59 +01:00
Mariusz Felisiak
12141e3116
[2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. 
Follow up to 837ffcfa681d0f65f444d881ee3d69aec23770be.
 2021-11-03 08:42:27 +01:00
Mariusz Felisiak
cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist. 
Backport of e43a131887e2a316d4fb829c3a272ef0cbbeea80 from main
 2021-10-12 15:18:17 +02:00
Mariusz Felisiak
05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. 
Thanks Michał Górny for the report.

Backport of 50ed545e2fa02c51e0d1559b83624f256e4b499b from main.
 2021-09-02 11:06:10 +02:00
Mariusz Felisiak
a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs. 
According to DEP 0010.

Backport of f2ed2211c26ba375390cb76725c95ae970a0fd1d from main.
 2021-07-30 11:53:15 +02:00
Mariusz Felisiak
66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. 
According to DEP 0010.

Backport of 228ec8e015bac9751c8aef3107358fbb2cb3301b from main
 2021-07-30 11:52:46 +02:00
Mariusz Felisiak
d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs. 
According to DEP 0010.

Backport of caa2dd08c4722c8702588f5dfe1fa4c506aa66fc from main
 2021-07-30 11:52:43 +02:00
Mariusz Felisiak
8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 
Backport of 37e8367c359cd115f109d82f99ff32be219f4928 from main.
 2021-07-13 20:26:17 +02:00
Mariusz Felisiak
837ffcfa68
[2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. 2021-06-21 13:06:31 +02:00
Mariusz Felisiak
dc43667eab [2.2.x] Fixed docs header underlines in security archive. 
Backport of d9cee3f5f2f90938d2c2c0230be40c7d50aef53d from main
 2021-06-02 12:29:11 +02:00
Carlton Gibson
3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. 
Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main
 2021-06-02 11:19:59 +02:00
Carlton Gibson
48bde7cab4 [2.2.x] Post-release version bump. 2021-06-02 10:36:52 +02:00
Carlton Gibson
2da029d854 [2.2.x] Bumped version for 2.2.24 release. 2.2.24 2021-06-02 10:28:20 +02:00
Mariusz Felisiak
f27c38ab5d [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
 2021-06-02 10:26:22 +02:00
Florian Apolloner
053cc9534d [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:26:22 +02:00
Carlton Gibson
6229d8794f [2.2.x] Confirmed release date for Django 2.2.24. 
Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main.
 2021-06-02 10:23:20 +02:00
Carlton Gibson
f163ad5c63 [2.2.x] Added stub release notes and date for Django 2.2.24. 
Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main
 2021-05-26 10:21:53 +02:00
Mariusz Felisiak
bed1755bc5 [2.2.x] Changed IRC references to Libera.Chat. 
Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main.
 2021-05-20 12:42:48 +02:00
Mariusz Felisiak
63f0d7a0f6 [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fields.test_filefield tests on Python 3.5. 2021-05-14 06:59:11 +02:00
Mariusz Felisiak
5fe4970bd0 [2.2.x] Post-release version bump. 2021-05-13 09:22:34 +02:00