1
0
mirror of https://github.com/django/django.git synced 2025-10-04 20:39:13 +00:00

14428 Commits

Author SHA1 Message Date
Sarah Boyce
924a0c092e Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract().
Thanks stackered for the report.

Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23.
2025-10-01 08:12:07 -04:00
Mariusz Felisiak
41b43c74bd Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.
Thanks sw0rd1ight for the report.

Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.
2025-10-01 08:11:45 -04:00
Jacob Walls
6c82b0bc91 Made cosmetic edits to 5.2.7 release notes. 2025-09-30 16:31:01 -04:00
Adam Johnson
8b241f84e2 Fixed #36614 -- Deprecated QuerySet.values_list(flat=True) without a field.
Thanks to Jacob Walls and Simon Charette for their input.

co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2025-09-30 08:46:28 +02:00
okaybro
afe6634146 Fixed #36587 -- Clarified usage of list.insert() for upload handlers.
Thanks Baptiste Mispelon for the report

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-09-29 14:48:06 +02:00
arsalan64
e8190b370e Fixed #36277 -- Fixed DatabaseFeatures.supports_virtual_generated_columns on PostgreSQL 18+. 2025-09-29 10:54:27 +02:00
Samriddha9619
daba609a9b Fixed #35877, Refs #36128 -- Documented unique constraint when migrating a m2m field to use a through model. 2025-09-29 08:57:11 +02:00
John Parton
1820d35b17 Fixed #36605 -- Added support for QuerySet.in_bulk() after .values() or .values_list().
co-authored-by: Adam Johnson <me@adamj.eu>
co-authored-by: Simon Charette <charette.s@gmail.com>
2025-09-25 08:51:43 -04:00
Mariusz Felisiak
00174507f8 Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. 2025-09-24 11:39:07 -04:00
Adam Johnson
f2e0219867 Refs #36163 -- Removed currentmodule directive from 6.0 release notes. 2025-09-24 13:06:00 +02:00
Adam Johnson
2e870c6071 Refs #36163 -- Removed duplicated release note paragraph. 2025-09-24 13:06:00 +02:00
Mariusz Felisiak
44addbf4e7
Refs #35859 -- Mentioned tasks in the docs index. 2025-09-24 09:47:47 +02:00
Tim Graham
1acb00b26d
Fixed #36616 -- Added DatabaseOperations.adapt_durationfield_value(). 2025-09-23 18:36:49 +02:00
Jacob Walls
efb96138b4 Refs #25508 -- Used QuerySet.__repr__ in docs/ref/contrib/postgres/search.txt. 2025-09-23 10:07:31 -04:00
Jean Patrick Prenis
9af8225117 Fixed #36609 -- Added Haitian Creole (ht) language.
Thanks Rebecca Conley for the review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-09-23 08:04:13 +02:00
David Smith
e20e189045 Refs #33783 -- Added IsEmpty GIS database function and __isempty lookup on SpatiaLite. 2025-09-22 22:04:42 -04:00
Natalia
5ddb01c760 Clarified feature freeze and alpha release steps in docs/internals/howto-release-django.txt. 2025-09-18 22:07:06 -03:00
Adam Johnson
74a9c2711c Refs #28586 -- Split descriptor from GenericForeignKey.
This makes GenericForeignKey more similar to other fields which act as
descriptors, preparing it to add “fetcher protocol” support in a clear and
consistent way.
2025-09-18 19:44:16 -04:00
CodingWithSaksham
762d3be8c5 Fixed #36581 -- Updated serialization examples from XML to JSON. 2025-09-18 15:44:05 +02:00
Natalia
4840ab0965 Updated translations from Transifex.
Forwardport of 2a2936c3e6444a0f37156773ca405cedaf28dea7 from stable/5.2.x.
2025-09-18 09:53:05 -03:00
Mariusz Felisiak
f8d2610d94
Added backticks to email addresses in docs. 2025-09-17 22:23:57 +02:00
Jacob Walls
cebbd5a6ad Advanced deprecation warnings for Django 6.1. 2025-09-17 15:17:05 -03:00
Jacob Walls
b83204a06e Increased the default PBKDF2 iterations for Django 6.1. 2025-09-17 15:17:05 -03:00
Jacob Walls
0655d958bd Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing aprocess_request().
Per deprecation timeline.
2025-09-17 15:17:05 -03:00
Jacob Walls
7d7e5cd055 Refs #35444 -- Removed contrib.postgres aggregates ordering kwarg per deprecation timeline. 2025-09-17 15:17:05 -03:00
Jacob Walls
32e266dc5b Refs #35530 -- Removed request.user or auser() fallback in auth.login and auth.alogin.
Per deprecation timeline.
2025-09-17 15:17:05 -03:00
Jacob Walls
a146fe2930 Refs #22712 -- Removed all parameter from django.contrib.staticfiles.finders.find().
Per deprecation timeline.
2025-09-17 15:17:05 -03:00
Jacob Walls
00a84fc6f3 Removed versionadded/changed annotations for 5.2. 2025-09-17 15:17:05 -03:00
Jacob Walls
1db79d8acf Added stub release notes for 6.1. 2025-09-17 15:17:05 -03:00
Jacob Walls
c7b8f20d2e Bumped version; main is now 6.1 pre-alpha. 2025-09-17 15:17:05 -03:00
Natalia
154aa62e6f Made cosmetic edits to docs/releases/6.0.txt. 2025-09-17 14:20:40 -03:00
Natalia
eae8cc4201 Removed empty sections from 6.0 release notes. 2025-09-17 14:20:40 -03:00
Natalia
4e1aebffdd Updated man page for Django 6.0 alpha 1. 2025-09-17 14:20:40 -03:00
Jacob Walls
b931156c20 Refs #35859 -- Removed support for Task enqueuing on transaction commit.
This removes the ability to configure Task enqueueing via a setting,
since the proposed `ENQUEUE_ON_COMMIT` did not support multi-database
setups.

Thanks to Simon Charette for the report.

Follow-up to 4289966d1b8e848e5e460b7c782dac009d746b20.
2025-09-17 13:28:58 -03:00
Jacob Walls
9334499f53 Refs #35859 -- Included Task backends in system checks docs. 2025-09-17 13:28:58 -03:00
antoliny0919
1e7728888d Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget chosen labels in TabularInlines.
Regression in a0f50c2a483678d31bd1ad6f08fd3a0b8399e27b.
2025-09-17 09:56:01 +02:00
Jake Howard
4289966d1b Fixed #35859 -- Added background Tasks framework interface.
This work implements what was defined in DEP 14
(https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst).

Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce,
Jacob Walls, and Natalia Bidart for the reviews.
2025-09-16 17:28:32 -03:00
GappleBee
218f69f05e Fixed #28041 -- Added Lexeme expression to contrib.postgres.search.
This expression automatically escapes its input and allows
fine-grained control over prefix matching and term weighting
via logical combinations.

Thanks Mariusz Felisiak, Adam Zapletal, Paolo Melchiorre,
Jacob Walls, Adam Johnson, and Simon Charette for reviews.

Co-authored-by: joetsoi <joetsoi@users.noreply.github.com>
Co-authored-by: Karl Hobley <karl@kaed.uk>
Co-authored-by: Alexandr Tatarinov <tatarinov1997@gmail.com>
2025-09-16 15:09:11 -04:00
blingblin-g
e08fa42fa6 Fixed #36426 -- Added support for further iterables in prefetch_related_objects().
Thanks Sarah Boyce for the review.
2025-09-16 14:14:23 -04:00
Dani Fornons
014be2f0da Fixed #36591 -- Removed unnecessary dotted paths in email docs. 2025-09-15 11:46:35 +02:00
Simon Charette
94680437a4 Fixed #27222 -- Refreshed model field values assigned expressions on save().
Removed the can_return_columns_from_insert skip gates on existing
field_defaults tests to confirm the expected number of queries are
performed and that returning field overrides are respected.
2025-09-14 00:27:50 +02:00
Simon Charette
55a0073b3b Refs #27222 -- Refreshed GeneratedFields values on save() initiated update.
This required implementing UPDATE RETURNING machinery that heavily
borrows from the INSERT one.
2025-09-14 00:27:49 +02:00
Jacob Walls
c48904a225 Fixed typo in docs/ref/contrib/contenttypes.txt. 2025-09-13 11:24:43 -04:00
Clifford Gama
9932866e3a
Refs #35667 -- Corrected usage of skip_file_prefixes in contributing docs. 2025-09-13 08:20:17 -04:00
Mridul Dhall
e183d6c26c Fixed #36597 -- Corrected directives for functions from email module in docs.
Thanks Mike Edmunds for the report.
2025-09-12 18:51:52 +02:00
nessita
8956ee3ce3
Refs #35667 -- Updated contributing guide to use django_file_prefixes on deprecations. 2025-09-12 11:15:13 -05:00
Salman
46fdeb1373
Fixed #36486 -- Added MongoDB to list of third-party DB backends. 2025-09-09 08:23:41 +02:00
Carlton Gibson
892a45d642
Refs #36410 -- Added link to migration guide for template-partials. 2025-09-08 15:29:58 +02:00
Mike Edmunds
0231f71d31 Fixed #36524 -- Enabled docs cross references to EmailMessage methods.
Updated docs for class django.core.mail.EmailMessage to use Sphinx
`method::` directives, allowing cross references to those methods
elsewhere in the docs.

Updated references to those methods in the email docs and 6.0 release
notes to link directly to the specific methods.
2025-09-05 15:56:16 -04:00
Mike Edmunds
7319341a88 Removed redundant directive in email docs.
docs/topics/email.txt declares `module:: django.core.mail`.
Removed unnecessary `currentmodule::` pointing to the same module.
2025-09-05 15:56:16 -04:00