Andrew Miller
69aa13ffb9
Fixed #35591 -- Added unsuitable for production console warning to runserver.
2024-08-09 10:34:10 +02:00
Adam Johnson
9582745257
Fixed #35622 -- Made unittest ignore Django assertions in traceback frames.
...
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-08 21:34:01 -03:00
Natalia
e1606d27b4
Added test for acheck_password() to ensure make_password is called for unusable passwords.
...
This is a follow up for the fix of CVE-2024-39329
(5d8645857936c142a3973694799c52165e2bdcdb) where the timing of
verify_password() was standardized when checking unusable passwords.
2024-08-08 12:53:36 -03:00
Jure Cuhalev
f8ef4579ea
Doc'd that SessionMiddleware is required for the admin site.
...
The system check "admin.E410" was already checking for this, but the
requirement was not listed in docs/ref/contrib/admin/index.txt.
2024-08-08 08:48:41 -03:00
Andrew Miller
cec62fb99e
Refs #35591 -- Emphasized that runserver is not suitable for production.
2024-08-08 10:08:53 +02:00
Adam Johnson
49815f70e4
Refs #31405 -- Improved LoginRequiredMiddleware documentation.
...
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Mariusz Felisiak
7fb15ad5bc
Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy.
...
Thanks Michał Górny for the report.
2024-08-08 09:53:04 +02:00
Matthias Kestenholz
54888408a1
Fixed #35639 -- Improved admin's delete confirmation page title.
2024-08-07 18:10:49 -03:00
Natalia
790f0f8868
Added stub release notes for 5.1.1.
2024-08-07 10:38:36 -03:00
Natalia
a05187fce6
Fixed i18n.tests.TranslationTests.test_plural to use correct French translation.
...
Forwardport of d5ad743e798fadc83663f016023cd124eadc366c from stable/5.1.x.
2024-08-07 10:10:28 -03:00
Natalia
bdcf789553
Updated translations from Transifex.
...
Forwardport of 380c6e6ddd7890fbe65826873579ef6e3af0c07d from stable/5.1.x.
2024-08-07 10:09:42 -03:00
Natalia
8ad6dc636b
Finalized release notes for Django 5.1.
2024-08-07 10:04:18 -03:00
Farhan
6993c9d8c9
Fixed #35553 -- Handled import*as in HashedFilesMixin.
2024-08-07 11:01:56 +02:00
Sarah Boyce
fdc638bf4a
Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive.
2024-08-06 17:22:46 +02:00
Simon Charette
c87bfaacf8
Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
...
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak
5f1757142f
Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
...
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
ecf1f8fb90
Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
...
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Sarah Boyce
c19465ad87
Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
...
Thanks Elias Myllymäki for the report.
Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
8deb6bb1fc
Fixed #35657 -- Made FileField handle db_default values.
2024-08-05 16:36:49 -03:00
nessita
e9e14709ff
Extended script to manage translations to support fetching new translations since a given date.
2024-08-05 13:51:28 -03:00
David Sanders
509763c799
Fixed #35638 -- Updated validate_constraints to consider db_default.
2024-08-05 17:33:12 +02:00
David Sanders
91a038754b
Refs #35638 -- Avoided wrapping expressions with Value in _get_field_value_map() and renamed to _get_field_expression_map().
2024-08-05 17:33:12 +02:00
Mariusz Felisiak
304d256674
Used :pypi: role in docs where appropriate.
2024-08-05 10:35:50 -03:00
John Parton
7f8d839722
Fixed #35628 -- Allowed compatible GeneratedFields for ModelAdmin.date_hierarchy.
2024-08-05 15:27:20 +02:00
Natalia
90adba85b2
Refs #35380 -- Updated screenshots in admin docs.
2024-08-05 09:02:01 -03:00
Natalia
fb6050e784
Refs #35380 -- Updated screenshots in intro docs.
2024-08-05 09:02:01 -03:00
Natalia
6e66c77089
Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to improve accessibility of headings.
2024-08-05 09:02:01 -03:00
Jake Howard
d5bebc1c26
Refs #35537 -- Improved documentation and test coverage for email attachments and alternatives.
2024-08-05 09:21:44 +02:00
Sarah Boyce
5424151f96
Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on Oracle 23c."
...
This reverts commit 175b04942afaff978013db61495f3b39ea12989b due to a crash when Oracle > 23.3.
2024-08-03 09:05:30 +02:00
Mariusz Felisiak
6d3464cff0
Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs.
2024-08-02 17:40:53 -03:00
Simon Charette
a16f13a866
Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference containing "__".
...
Regression in b0ad41198b3e333f57351e3fce5a1fb47f23f376.
Refs #34013. The initial logic did not consider that annotation aliases
can include lookup or transform separators.
Thanks Gert Van Gool for the report and Mariusz Felisiak for the review.
2024-08-02 16:21:12 -03:00
lucasesposito
b478cae006
Fixed #35601 -- Added TelInput widget.
2024-08-02 11:31:54 +02:00
arjunomray
946c3cf734
Fixed #35599 -- Added ColorInput widget.
2024-08-02 09:51:49 +02:00
Vaarun Sinha
54e8b4e582
Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget.
...
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-02 08:56:54 +02:00
Markus Holtermann
aa90795050
Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat AUTH as a sensitive match.
...
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-01 15:02:00 -03:00
Natalia
615c80aba6
Improved view_tests.tests.test_debug.ExceptionReporterFilterTests.
2024-08-01 15:02:00 -03:00
Bendeguz Csirmaz
1eac690d25
Refs #373 -- Added tuple lookups.
2024-08-01 17:26:09 +02:00
Sarah Boyce
3dac3271d2
Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL."
...
This reverts commit 9cf9c796be8dd53bc3b11355ff39d65c81d7be6d due to a crash on Oracle
as it didn't allow multiple indexes on the same field.
2024-08-01 09:25:33 +02:00
nessita
8cf931dd2f
Removed GitHub Actions for creating and checking reminders.
2024-07-31 10:07:57 -03:00
Jeremy Thompson
30a60e8492
Fixed #35598 -- Added SearchInput widget.
2024-07-31 13:11:45 +02:00
Sarah Boyce
3f88089069
Added stub release notes and release date for 5.0.8 and 4.2.15.
2024-07-31 11:21:32 +02:00
Ben Cail
9cf9c796be
Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL.
2024-07-30 17:27:10 +02:00
Maryam Yusuf
7e00fee3bd
Fixed #35546 -- Emphasised accepted ticket requirement in contributing docs.
2024-07-29 15:12:43 +02:00
Maryam Yusuf
9d10c7ab33
Referenced joining the triage and review team as motivation to do PR reviews.
2024-07-29 14:46:10 +02:00
Mariusz Felisiak
e3de574c1e
Refs #35074 -- Simplified and unified adding spatial indexes on MySQL and Oracle.
...
This uses `deferred_sql` and `_field_indexes_sql()` instead of custom
hooks on MySQL.
2024-07-29 12:31:32 +02:00
Tim Graham
b6ad8b687a
Added missing skips in constraint tests.
2024-07-26 18:59:12 +02:00
nessita
1b277b45cc
Added dedicated test for invalid inputs in floatformat template filter tests.
...
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-25 16:15:53 -03:00
Lorenzo Peña
0e94f292cd
Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
...
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.
Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.
2024-07-25 09:38:46 +02:00
Sarah Boyce
2c024c9ac0
Added contributor guidelines for performance optimizations.
2024-07-25 09:25:25 +02:00
Devin Cox
cd0479ff76
Fixed #35331 -- Updated dropdown lists with entries added via the '+' sign from M2M field.
2024-07-25 08:52:24 +02:00