Refs Python CVE-2024-11168. Django should not affected, but others who
incorrectly use internal function _urlsplit() with unsanitized input
could be at risk.
https://github.com/python/cpython/pull/103849
Updated CommandTests.test_subparser_invalid_option and CommandDBOptionChoiceTests.test_invalid_choice_db_option to use assertRaisesRegex() for compatibility with modified error messages in Python 3.12, 3.13, and 3.14+..
Backport of fc22fdd34f1e55adde161f5f2dca8db90bbfce80 from main.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.
Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.
Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
Python 3.12.2 bring back the skipped tests in the number of running
tests. Refs
0a737639dc
Backport of bc8471f0aac8f0c215b9471b594d159783bac19b from main
Thanks Warwick Brown for the report.
Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.
Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
Regression in f387d024fc75569d2a4a338bfda76cc2f328f627.
Just like `OrderByList` the `ExpressionList` expression used to wrap
`Window.partition_by` must implement `get_group_by_cols` to ensure the
necessary grouping when mixing window expressions with aggregate
annotations is performed against the partition members and not the
partition expression itself.
This is necessary because while `partition_by` is implemented as
a source expression of `Window` it's actually a fragment of the WINDOW
expression at the SQL level and thus it should result in a group by its
members and not the sum of them.
Thanks ElRoberto538 for the report.
Backport of e76cc93b0168fa3abbafb9af1ab4535814b751f0 from main
Adjustments made to solve_lookup_type to defer the resolving of
references for summarized aggregates failed to account for similar
requirements for lookup values which can also reference annotations
through Aggregate.filter.
Regression in b181cae2e3697b2e53b5b67ac67e59f3b05a6f0d.
Refs #25307.
Thanks Sergey Nesterenko for the report.
Backport of 7530cf3900ab98104edcde69e8a2a415e82b345a from main
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of f7389c4b07ceeb036436e065898e411b247bca78 from main
Regression in f3f9d03edf17ccfa17263c7efa0b1350d1ac9278 (4.2) and
8ed25d65ea7546fafd808086fa07e7e5bb5428fc (5.0).
Backport of 34b411762b50883d768d7b67e0a158ec39da8b09 from main.
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7,
complements e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4.
Refs #28477, #34551.
Thanks Haldun Komsuoglu for the report.
Backport of 3b4a571275d967512866012955eb0b3ae486d63c from main
Thanks Alex Vandiver for the report.
Regression in 09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca.
Backport of 779cd28acb1f7eb06f629c0ea4ded99b5ebb670a from main.
Thanks Pierre-Nicolas Rigal for the report.
Regression in c67ea79aa981ae82595d89f8018a41fcd842e7c9.
Backport of 9cc0d7f7f85cecc3ad15bbc471fe6a08e4f515b6 from main
By using `select_related(None)` instead of `select_related()`, the
unnecessary joins are completely avoided. Note that the current tests
already covers the change, when the field is not `null=True`.
Regression in f9936deed1ff13b20e18bd9ca2b0750b52706b6c.
Backport of 517d3bb4dd17e9c51690c98d747b86a0ed8b2fbf from main
The __isnull lookup of JSONField must special case
Value(None, JSONField()) left-hand-side in order to be coherent with
its convoluted null handling.
Since psycopg>=3 offers no way to pass a NULL::jsonb the issue is
resolved by optimizing IsNull(Value(None), True | False) to
True | False.
Regression in 5c23d9f0c32f166c81ecb6f3f01d5077a6084318.
Thanks Alexandre Collet for the report.
Backport of 3434dbd39d373df7193ad006b970c09c1a909ea3 from main
Thanks Toan Vuong for the report.
Thanks Simon Charette for the review.
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7.
Backport of c9b9a52edc66be117c6e5b5214fa788a4d5db7a8 from main
Regression in dd68af62b2b27ece50d434f6a351877212e15c3f.
Thanks Toan Vuong for the report.
Backport of 4087367ba869be9cf305dac39a8887d4aa4041d2 from main
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7.
Refs #28477.
Thanks younes-chaoui for the report.
Backport of 68912e4f6f84f21322f92a2c7b6c77f68f91b9c9 from main
Regression in 19e0587ee596debf77540d6a08ccb6507e60b6a7.
Thanks Martin Svoboda for the report.
Backport of f9936deed1ff13b20e18bd9ca2b0750b52706b6c from main
Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879.
Thanks Ian Cubitt for the report.
This also corrected test_inheritance_deferred2() test which was
previously properly defined and marked as an expected failure but was
then wrongly adjusted to mask the lack of support for per-alias
deferral that was fixed by #21204.
Backport of 2cf76f2d5d1aa16acfadaf53db3d30128a34b088 from main
This reverts 7990d254b0af158baf827fafbd90fe8e890f23bd.
Thanks Marc Odermatt for the report.
Backport of 0c1518ee429b01c145cf5b34eab01b0b92f8c246 from main
