mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity
34,009 Commits 30 Branches 463 Tags
6e18c078d5c044a1d22dd6a64ace11d9e5f6d0bc
Commit Graph

34009 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Natalia
6e18c078d5 Added stub release notes for 5.2.9. 2025-11-05 11:12:30 -03:00
Jacob Walls
3c3f463577 Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on dictionary expansion. 2025-11-05 09:20:57 -03:00
Jacob Walls
98e642c691 Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg. 
Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon
Charette, and Jake Howard for the reviews.
 2025-11-05 09:20:57 -03:00
Jacob Walls
c880530ddd Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. 
Thanks Seokchan Yoon for the report, Markus Holtermann for the
triage, and Jake Howard for the review.

Follow-up to CVE-2025-27556 and 39e2297210.
 2025-11-05 09:20:57 -03:00
Hal Blackburn
74564946c3 Fixed #36704 -- Fixed system check error for proxy model with a composite pk. 
Proxy models subclassing a model with a CompositePrimaryKey were
incorrectly reporting check errors because the check that requires only
local fields to be used in a composite pk was evaluated against the proxy
subclass, which has no fields.

To fix this, composite pk field checks are not evaluated against
proxy subclasses, as none of the checks are applicable to proxy
subclasses. This also has the benefit of not double-reporting real check
errors from an invalid superclass pk.

Thanks Clifford Gama for the review.
 2025-11-04 11:59:21 -05:00
Jayden Kneller
e27cff68a3 Fixed #36652 -- Increased determinism when loading migrations from disk. 
Ordering still depends on pkgutil.iter_modules, which does not guarantee
order, but at least now Django is not introducing additional indeterminism,
causing CircularDependencyError to appear or not appear in some edge cases.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
 2025-11-04 08:15:22 -05:00
ontowhee
eaf7b563a5 Updated ticket triage process diagram and contributing docs. 2025-11-04 09:38:03 -03:00
Augusto Pontes
8af79e2c0c Fixed #36695 -- Fixed handling of parameterized generics in migration serialization. 
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
 2025-11-03 20:45:48 -05:00
Mariusz Felisiak
05ba1a9228 Fixed #36661 -- Added introspection of database-level delete options. 2025-10-31 14:33:27 +01:00
Patrick Rauscher
6019147229 Fixed #36696 -- Fixed NameError when inspecting functions with deferred annotations. 
In Python 3.14, annotations are deferred by default, so we should not
assume that the names in them have been imported unconditionally.
 2025-10-31 08:44:37 -04:00
Tim Schilling
340e4f832e Added community package storage backends mention to docs. 
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
 2025-10-30 17:21:28 -04:00
Mariusz Felisiak
3939cd2795 Refs #36680 -- Fixed admin_scripts tests crash when black is not installed. 
Regression in 6436ec3210.
 2025-10-30 08:38:17 -03:00
Clifford Gama
7fc9db1c6a Refs #35381 -- Clarified key and index lookup handling of None in exact lookup docs. 2025-10-29 15:00:52 -04:00
Clifford Gama
348ca84538 Refs #35381 -- Deprecated using None in JSONExact rhs to mean JSON null. 
Key and index lookups are exempt from the deprecation.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
 2025-10-29 15:00:52 -04:00
Clifford Gama
be7f68422d Refs #35381 -- Delegated ArrayField element prepping to base_field.get_db_prep_save. 
Previously, ArrayField always used base_field.get_db_prep_value when saving,
which could differ from how base_field prepares data for save. This change
overrides ArrayField.get_db_prep_save to delegate to the base_field's
get_db_prep_save, ensuring elements like None in JSONField arrays are saved
correctly as SQL NULL instead of JSON null.
 2025-10-29 15:00:52 -04:00
Clifford Gama
adc25a9a66 Fixed #35381 -- Added JSONNull() expression. 
Thanks Jacob Walls for the review.
 2025-10-29 15:00:52 -04:00
Jacob Walls
ab108bf94d Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26. 2025-10-29 14:57:45 -03:00
Clifford Gama
01f8460653 Fixed #36329 -- Removed non-code custom link text when cross-referencing Python objects. 
Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2025-10-29 11:32:12 -04:00
Jacob Walls
1aa69a7491 Fixed #36678 -- Limited retries in ParallelTestRunner. 
Thanks Natalia Bidart for the review.
 2025-10-29 09:11:31 -03:00
Jacob Walls
787cc96ef6 Refs #35972 -- Returned params in a tuple in further lookups. 2025-10-29 07:38:20 -04:00
Jacob Walls
43933a1dca Reverted "Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping." 
This reverts commit ea3a71c2d0.

The implementation was flawed, as self.group_by contains Cols, not aliases.
 2025-10-28 11:40:01 -04:00
Mariusz Felisiak
9ba3f74a46 Fixed #36596 -- Made parallel test runner respect django_test_skips and django_test_expected_failures. 2025-10-28 10:55:49 -04:00
Jacob Walls
6436ec3210 Fixed #36680 -- Parametrized formatter discovery in AdminScriptTestCase. 2025-10-28 08:02:10 -04:00
Michal Mládek
ea3a71c2d0 Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping. 
Co-authored-by: Simon Charette <charette.s@gmail.com>
 2025-10-27 15:11:19 -04:00
Kasyap Pentamaraju
0ea01101c3 Fixed #36681 -- Removed English pluralization bias from example in docs/topics/i18n/translation.txt. 2025-10-27 14:41:53 -04:00
Mariusz Felisiak
c87daabbf3 Fixed #36624 -- Dropped support for MySQL < 8.4. 2025-10-27 15:05:23 +01:00
Matthew Shirley
4744e9939b Fixed #36683 -- Added error message on QuerySet.update() following distinct(*fields). 2025-10-25 12:21:27 -04:00
Ken Nzioka
3ff32c50d1 Fixed #36674 -- Fixed memory leak in select_related(). 2025-10-24 15:51:39 -04:00
Natalia
6fcbbe0b85 Fixed IntegrityError in bulk_create.tests.BulkCreateTransactionTests due to duplicate primary keys. 
Some tests in BulkCreateTransactionTests were inserting Country objects
with hardcoded primary keys, which could conflict with existing rows
(if the sequence value wasn't bumped by another test).

Updated the tests to dynamically select an unused primary key instead.

Thanks to Simon Charette for the exhaustive and enlightening review.
 2025-10-24 11:33:40 -03:00
Annabelle Wiegart
7423918125 Fixed #35095 -- Clarified Swiss number formatting in docs/topics/i18n/formatting.txt. 
Co-authored-by: Ahmed Nassar <a.moh.nassar00@gmail.com>
 2025-10-23 10:11:52 -04:00
Natalia
42d6e20feb Made cosmetic edits to docs/releases/6.0.txt. 2025-10-22 15:37:52 -03:00
Mariusz Felisiak
5e2bbebed9 Refs #36664 -- Added Python 3.15 to daily builds. 2025-10-22 15:36:10 +02:00
Mariusz Felisiak
185b049e9e Refs #36499 -- Made TestUtilsHtml.test_strip_tags() assume behavior change in X.Y.0 version for Python 3.14+. 
This also removes unsupported versions of Python from the test dict.
 2025-10-22 10:04:38 +02:00
Jacob Walls
b6c9246d0a Fixed #36677 -- Fixed scheduling of system checks in ParallelTestSuite workers. 
Running system checks in workers must happen after database aliases
are set up.

Regression in 606fc35279.
 2025-10-21 22:54:20 -04:00
Mariusz Felisiak
548209e620 Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+. 
tblib 3.2+ makes exception subclasses with __init__() and the default
__reduce__() picklable. This broke the test for
RemoteTestResult._confirm_picklable(), which expects a specific
exception to fail unpickling.

https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21

This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way
that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj))
raises TypeError.

Refs #27301. This preserves the intent of the regression test from
52188a5ca6 without skipping it.
 2025-10-21 23:10:31 -03:00
Adam Johnson
a0323a0c44 Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware. 2025-10-21 10:45:12 -04:00
YashRaj1506
9bb83925d6 Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND. 
Migrated `WSGIRequestHandler.log_message()` to use a more robust
`log_message()` helper, which was based of `log_response()` via factoring out
the common bits.

Refs CVE-2025-48432.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2025-10-20 16:21:32 -03:00
Emmanuel Ferdman
5625bd5907 Removed duplicate display_raw key in expected data in GeometryWidgetTests. 
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
 2025-10-20 14:52:02 -03:00
Mariusz Felisiak
344ae16e1e Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+. 2025-10-20 16:03:39 +02:00
Mariusz Felisiak
ca3e0484ef Refs #36005 -- Bumped minimum supported versions of docutils to 0.22. 2025-10-19 20:13:16 +02:00
Mariusz Felisiak
d506e4a528 Fixed #36671 -- Dropped support for SQLite < 3.37. 2025-10-18 21:04:11 +02:00
Mariusz Felisiak
0c487aa3a7 Fixed #21961 -- Added support for database-level delete options for ForeignKey. 
Thanks Simon Charette for pair programming.

Co-authored-by: Nick Stefan <NickStefan12@gmail.com>
Co-authored-by: Akash Kumar Sen <71623442+Akash-Kumar-Sen@users.noreply.github.com>
Co-authored-by: Simon Charette <charette.s@gmail.com>
 2025-10-18 15:03:50 +02:00
Segni Mekonnen
b1e0262c9f Fixed #36665 -- Improved manager usage guidance in docs/topics/db/optimization.txt. 2025-10-17 17:15:10 -04:00
Mariusz Felisiak
56977b466c Refs #35844 -- Doc'd Python 3.14 compatibility. 2025-10-17 19:25:02 +02:00
Mariusz Felisiak
2d9c194d5a Refs #35844 -- Relaxed GEOSIOTest.test02_wktwriter() test assertion. 2025-10-17 19:25:02 +02:00
aj2s
f715bc8990 Fixed #36669 -- Doc'd that negative indexes are not supported in F() slices. 2025-10-17 10:20:23 -04:00
Jacob Walls
d980d68609 Bumped minimum isort version to 7.0.0. 
Added ignores relating to https://github.com/PyCQA/isort/issues/2352.
 2025-10-16 14:59:02 -04:00
Adam Johnson
e244d8bbb7 Refs #28586 - Copied fetch mode in QuerySet.create(). 
This change allows the pattern `MyModel.objects.fetch_mode(...).create(...)` to
set the fetch mode for a new object.
 2025-10-16 14:52:22 -04:00
Adam Johnson
6dc9b04018 Refs #28586 -- Copied fetch modes to related objects. 
This change ensures that behavior and performance remain consistent when
traversing relationships.
 2025-10-16 14:52:22 -04:00
Adam Johnson
821619aa87 Refs #28586 -- Simplified related descriptor get_queryset() methods. 
Modify these methods to accept an instance parameter which is clearer and
allows us to set the instance hint earlier.
 2025-10-16 14:52:22 -04:00