mirror of https://github.com/django/django.git synced 2025-01-01 14:06:06 +00:00

4471 Commits

Author SHA1 Message Date
Mariusz Felisiak
379b37171b [4.2.x] Added CVE-2023-23969 to security archive.
Backport of 36e3eef7d5 from main
2023-02-01 12:10:03 +01:00
Nick Pope
8a7b22d4a6 [4.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:45:07 +01:00
Mariusz Felisiak
719a14badc [4.2.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e.
Backport of 2b1242abb3 from main
2023-01-26 09:32:14 +01:00
Carlton Gibson
d43fbdf6f1 [4.2.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of d8e1442ce2 from main
2023-01-25 12:26:40 +01:00
Carlton Gibson
50432e3fd5 [4.2.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of 1df963ad24 from main
2023-01-25 11:58:35 +01:00
John Whitlock
a3771c8229 [4.2.x] Fixed typo in docs/releases/4.2.txt.
Backport of d547171183 from main
2023-01-17 19:28:19 +01:00
Mariusz Felisiak
1452e7cb7f [4.2.x] Doc'd that 4.2 is LTS.
Backport of 2785e121c7 from main
2023-01-17 19:25:44 +01:00
Mariusz Felisiak
2cbb3c9135 [4.2.x] Removed remaining empty sections from 4.2 release notes.
Follow up to 772cd2b15b.
Backport of a209f66259 from main
2023-01-17 14:05:51 +01:00
Sébastien Corbin
57680658f3 [4.2.x] Fixed #34264 -- Moved release note about session cookies into error reporting section.
Backport of e2964fed17 from main
2023-01-17 13:09:47 +01:00
Mariusz Felisiak
e734cccea0 Made cosmetic edits to docs/releases/4.2.txt. 2023-01-17 08:51:17 +01:00
Mariusz Felisiak
772cd2b15b Removed empty sections from 4.2 release notes. 2023-01-17 08:51:17 +01:00
Mariusz Felisiak
0e2649fdf4 Fixed #34255 -- Made PostgreSQL backend use client-side parameters binding with psycopg version 3.
Thanks Guillaume Andreu Sabater for the report.

Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
2023-01-17 08:24:08 +01:00
Mariusz Felisiak
c8a76059ff Refs #34255 -- Bumped required psycopg version to 3.1.8. 2023-01-17 08:24:08 +01:00
Steven
4b7016866a Fixed "nulls characters" typo in docs. 2023-01-16 07:54:00 +01:00
Leo
5da5f3773e Fixed #34234 -- Dropped support for PROJ 4. 2023-01-13 12:31:41 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Jarosław Wygoda
1ec3f0961f Fixed #26029 -- Allowed configuring custom file storage backends. 2023-01-12 06:20:57 +01:00
Mariusz Felisiak
552384fa97 Refs #31014 -- Added FromWKB and FromWKT GIS database functions.
Co-authored-by: Ondřej Böhm <ondrej.bohm@firma.seznam.cz>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2023-01-10 11:51:09 +01:00
Francesco Panico
72efd840a8 Fixed #34110 -- Added in-memory file storage.
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Nick Pope
b47f2f5b90 Fixed #33865 -- Optimized LimitedStream wrapper.
The current implementation of LimitedStream is slow because .read()
performs an extra copy into a buffer and .readline() performs two
extra copies. The stream being wrapped is already typically a BytesIO
object so this is unnecessary.

This implementation has largely been untouched for 12 years and,
inspired by a simpler implementation in werkzeug, it was possible to
achieve the following performance improvement:

LimitedStream.read() (single line):
  Mean +- std dev: [bench_limitedstream-main] 286 ns +- 6 ns
  -> [bench_limitedstream-patch] 227 ns +- 6 ns: 1.26x faster
LimitedStream.readline() (single line):
  Mean +- std dev: [bench_limitedstream-main] 507 ns +- 11 ns
  -> [bench_limitedstream-patch] 232 ns +- 8 ns: 2.18x faster
LimitedStream.read(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 360 ns +- 8 ns
  -> [bench_limitedstream-patch] 297 ns +- 6 ns: 1.21x faster
LimitedStream.readline(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 602 ns +- 10 ns
  -> [bench_limitedstream-patch] 305 ns +- 10 ns: 1.98x faster
LimitedStream.read() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 290 ns +- 5 ns
  -> [bench_limitedstream-patch] 236 ns +- 6 ns: 1.23x faster
LimitedStream.readline() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 517 ns +- 19 ns
  -> [bench_limitedstream-patch] 239 ns +- 7 ns: 2.16x faster
LimitedStream.read(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 363 ns +- 8 ns
  -> [bench_limitedstream-patch] 311 ns +- 11 ns: 1.17x faster
LimitedStream.readline(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 601 ns +- 12 ns
  -> [bench_limitedstream-patch] 308 ns +- 7 ns: 1.95x faster

Geometric mean: 1.59x faster
2023-01-05 19:26:56 +01:00
Mariusz Felisiak
63d1cb0092 Refs #32355 -- Bumped minimum supported versions of 3rd-party packages.
This bumps minimum supported versions of 3rd-party packages to the first
releases to support Python 3.8.
2023-01-05 18:09:33 +01:00
Mariusz Felisiak
7d9329935a Refs #32355 -- Bumped mysqlclient requirement to >= 1.4.3.
mysqlclient 1.4.3 is the first release to support Python 3.8.
2023-01-05 16:34:14 +01:00
Mariusz Felisiak
5cf9ff970e Fixed #33961 -- Updated admin's jQuery to 3.6.3. 2023-01-04 11:28:09 +01:00
Mike Crute
0b78ac3fc7 Fixed #34200 -- Made the session role configurable on PostgreSQL. 2023-01-03 09:30:53 +01:00
Claude Paroz
2a14b8df39 Fixed #33783 -- Added IsEmpty GIS database function and __isempty lookup on PostGIS. 2023-01-03 05:47:44 +01:00
Florian Apolloner
afa2e28205 Fixed #34235 -- Added ManifestFilesMixin.manifest_hash attribute.
This adds ManifestFilesMixin.manifest_hash attribute exposing a "hash"
of the full manifest. This allows applications to determine when their
static files have changed.
2023-01-02 09:53:52 +01:00
Mariusz Felisiak
75500feecd Added stub release notes for 4.1.6. 2023-01-02 08:50:33 +01:00
Mariusz Felisiak
174d8157b5 Added release date for 4.1.5. 2023-01-02 08:10:59 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
Claude Paroz
1833eb3f3e Upgraded OpenLayers to v.7.2.2. 2022-12-29 08:30:30 +01:00
Adrian Torres
7eee1dca42 Fixed #14094 -- Added support for unlimited CharField on PostgreSQL.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-12-28 12:31:04 +01:00
kimsoungryoul
78f163a4fb Fixed #18468 -- Added support for comments on columns and tables.
Thanks Jared Chung, Tom Carrick, David Smith, Nick Pope, and Mariusz
Felisiak for reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2022-12-28 06:28:07 +01:00
Carlton Gibson
0bd2c0c901 Fixed #33735 -- Added async support to StreamingHttpResponse.
Thanks to Florian Vazelle for initial exploratory work, and to Nick
Pope and Mariusz Felisiak for review.
2022-12-22 10:41:12 +01:00
Mariusz Felisiak
2d676ee119 Updated translations from Transifex.
Updated Bulgarian, Esperanto, Hungarian, Japanese, Macedonian, Persian,
Portuguese (Brazil), Russian, Spanish, and Turkmen translations.

Forwardport of 46b28bbe15 from stable/4.1.x.
2022-12-20 19:34:59 +01:00
Carlton Gibson
32d70b2f55 Refs #34118 -- Adopted asgiref coroutine detection shims.
Thanks to Mariusz Felisiak for review.
2022-12-20 11:10:48 +01:00
Roxane
289e9a75af Fixed #33662 -- Allowed Sitemap to customize languages for each item. 2022-12-19 12:51:52 +01:00
Andreas Pelme
ab7a85ac29 Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. 2022-12-17 08:46:37 +01:00
Daniele Varrazzo
09ffc5c121 Fixed #33308 -- Added support for psycopg version 3.
Thanks Simon Charette, Tim Graham, and Adam Johnson for reviews.

Co-authored-by: Florian Apolloner <florian@apolloner.eu>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-12-15 06:17:57 +01:00
James Gillard
c5ed884eab Fixed #34205 -- Fixed Meta.constraints validation crash with ArrayField and __len lookup.
Regression in 88fc9e2826 that began
manifesting in Django 4.1.
2022-12-10 17:46:13 +01:00
SirAbhi13
b8738aea14 Fixed #33199 -- Deprecated passing positional arguments to Signer/TimestampSigner.
Thanks Jacob Walls for the implementation idea.
2022-12-09 12:44:48 +01:00
Mariusz Felisiak
cbc0fb3705 Made inspectdb use Cursor.description.display_size for CharFields' max_length.
internal_size is size for fixed-size types not for char types.
2022-12-08 09:00:35 +01:00
Mariusz Felisiak
95a101a690 Fixed #34201 -- Bumped minimum supported SQLite to 3.21.0. 2022-12-08 05:53:18 +01:00
James Bligh
e44d348c99 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
Co-authored-by: James Bligh <james.bligh@silvercloudhealth.com>
2022-12-07 10:56:00 +01:00
Carlton Gibson
845a5db38f Added stub release notes for 4.1.5. 2022-12-06 10:20:27 +01:00
Carlton Gibson
f4a053a294 Added release date for 4.1.4. 2022-12-06 09:56:43 +01:00
Mariusz Felisiak
514884e9a5 Updated various links to HTTPS and new locations. 2022-12-06 05:59:43 +01:00
Alex Vandiver
cbce427c17 Fixed #34194 -- Added django.utils.http.content_disposition_header(). 2022-12-05 13:08:00 +01:00
Simon Charette
0ff46591ac Refs #33308 -- Deprecated support for passing encoded JSON string literals to JSONField & co.
JSON should be provided as literal Python objects and not in their
encoded string literal forms.
2022-12-01 19:14:00 +01:00
Mariusz Felisiak
e8dcef155c Refs #33397, Refs #34160 -- Added release note for resolving output_field changes. 2022-11-30 08:22:10 +01:00
Giebisch
85b52d22fd Fixed #33701 -- Added fine-grained error locations to the technical 500 debug page. 2022-11-29 08:40:11 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Giebisch
80c66e40f7 Fixed #33747 -- Added exception notes to the technical 500 debug page. 2022-11-25 08:16:10 +01:00
Simon Charette
1297c0d0d7 Fixed #31679 -- Delayed annotating aggregations.
By avoiding to annotate aggregations meant to be possibly pushed to an
outer query until their references are resolved it is possible to
aggregate over a query with the same alias.

Even if #34176 is a convoluted case to support, this refactor seems
worth it given the reduction in complexity it brings with regards to
annotation removal when performing a subquery pushdown.
2022-11-23 17:46:07 +01:00
DevilsAutumn
4035bab56f Fixed #34171 -- Fixed QuerySet.bulk_create() on fields with db_column in unique_fields/update_fields.
Bug in 0f6946495a.

Thanks Joshua Brooks for the report.
2022-11-22 14:47:21 +01:00
Mariusz Felisiak
7d5329852f Fixed #34177 -- Fixed QuerySet.bulk_create() crash on "pk" in unique_fields.
Bug in 0f6946495a.
2022-11-22 14:26:23 +01:00
Ilya Bass
798e38c2b9 Fixed #31090 -- Logged transaction management queries.
Thanks to Petter Strandmark for the original idea and Mariusz Felisiak
for advice during the DjangoConUS 2022 Sprint!
2022-11-21 09:10:14 +01:00
Ben Cail
fbde929b19 Fixed #26056 -- Added QuerySet.values()/values_list() support for ArrayField's __overlap lookup.
Thanks Mads Jensen and kosz85 for the initial patch.
2022-11-18 05:53:37 +01:00
sarahboyce
7a5307974a Fixed #34099 -- Added release notes for QuerySet.update_or_create() changes.
Follow up to 6cc0f22a73.

Thanks Phil Gyford for the report.
2022-11-14 14:05:43 +01:00
David Wobrock
67da22f08e Fixed #34074 -- Added headers argument to RequestFactory and Client classes. 2022-11-14 10:21:51 +01:00
Jon Janzen
321ecb40f4 Fixed #34135 -- Added async-compatible interface to related managers. 2022-11-09 10:32:40 +01:00
Jon Janzen
7b94847e38 Fixed #34139 -- Fixed acreate(), aget_or_create(), and aupdate_or_create() methods for related managers.
Bug in 58b27e0dbb.
2022-11-08 06:20:10 +01:00
Simon Charette
5f09ab8c30 Refs #17144 -- Removed support for grouping by primary key.
No core backend requires the feature anymore as it was only added to
support a MySQL'ism that has been deprecated since then.
2022-11-07 12:21:29 +01:00
Daniel Ivanov
5eab4d1924 Fixed #34088 -- Fixed Sitemap.get_latest_lastmod() crash with empty items.
Bug in 480191244d.

Thanks Michal Čihař for the report.
2022-11-07 06:15:54 +01:00
Mariusz Felisiak
7b0e9ea53c Fixed #34138 -- Avoided table rebuild when adding inline m2m fields on SQLite.
Regression in 2f73e5406d.

Thanks David Wobrock for the report.
2022-11-04 09:30:23 +01:00
Nick Pope
0f4964535c Removed obsolete references to pysqlite.
Obsolete since 1b06d5e6f6.
2022-11-04 08:03:06 +01:00
DevilsAutumn
d5bcdf858d Fixed #34112 -- Added async-compatible interface to Model methods.
Thanks Adam Johnson for the review.
2022-11-02 09:14:17 +01:00
Mariusz Felisiak
c765b62e32 Added stub release notes for 4.1.4. 2022-11-01 07:27:30 +01:00
Mariusz Felisiak
635e5643b3 Added release date for 4.1.3. 2022-11-01 06:54:19 +01:00
David Wobrock
a320aab512 Fixed #16211 -- Added logical NOT support to F expressions. 2022-10-31 09:55:51 +01:00
Mariusz Felisiak
eb6cc01d0f Refs #33173 -- Doc'd Python 3.11 compatibility in Django 4.1.x. 2022-10-26 20:10:33 +02:00
Tobias Bengfort
350455b666 Fixed #33606 -- Cleansed sessionid cookie in error reports.
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-10-26 14:39:58 +02:00
Giebisch
3283120cca Fixed #34111 -- Made test runner with --debug-sql format SQL queries. 2022-10-24 08:11:30 +02:00
Carlton Gibson
5c2c7277d4 Fixed #34085 -- Made management commands not use black for non-Python files.
Bug in d113b5a837.

Co-authored-by: programmylife <acmshar@gmail.com>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-10-20 13:38:31 -07:00
Sergio
94e7f471c4 Fixed #34069 -- Made LocaleMiddleware respect language from requests when i18n patterns are used. 2022-10-13 10:38:26 +02:00
Gregor Gärtner
f0c06f8ab7 Refs #33990 -- Renamed TransactionTestCase.assertQuerysetEqual() to assertQuerySetEqual().
Co-Authored-By: Michael Howitz <mh@gocept.com>
2022-10-08 08:07:38 +02:00
Gregor Gärtner
564b317fb5 Refs #33990 -- Renamed SimpleTestCase.assertFormsetError() to assertFormSetError().
Co-Authored-By: Michael Howitz <mh@gocept.com>
2022-10-07 11:22:16 +02:00
Shubh1815
7a39a691e1 Fixed #32603 -- Made ModelAdmin.list_editable use transactions. 2022-10-06 20:44:07 +02:00
Simon Charette
c6350d594c Refs #30158 -- Removed alias argument for Expression.get_group_by_cols().
Recent refactors allowed for GROUP BY aliasing to be
entirely handled by the sql.Query.set_group_by and compiler layers.
2022-10-06 12:04:00 +02:00
Carlton Gibson
93d4c9ea1d Added CVE-2022-36359 to security archive. 2022-10-04 10:12:11 +02:00
Carlton Gibson
7a08927323 Added stub release notes for 4.1.3 release. 2022-10-04 09:49:23 +02:00
Adam Johnson
e5ea284294 Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
2022-10-04 09:10:04 +02:00
Lily Foote
649b28eab6 Fixed #34070 -- Added subsecond support to Now() on SQLite and MySQL. 2022-10-03 12:13:27 +02:00
Mariusz Felisiak
f71b0cf769 Refs #32987 -- Relaxed system check for template tag modules with the same name by turning into a warning.
Thanks Claude Paroz for the report.

Regression in 004b4620f6.
2022-10-03 10:52:21 +02:00
Mariusz Felisiak
5e0aa362d9 Fixed #33984 -- Reverted "Fixed #32980 -- Made models cache related managers."
This reverts 4f8c7fd9d9 and adds
two regression tests:
- test_related_manager_refresh(), and
- test_create_copy_with_m2m().

Thanks joeli for the report.
2022-09-30 18:18:33 +02:00
Antoine Lorence
9b0c9821ed Fixed #34062 -- Updated View.http_method_not_allowed() to support async.
As with the options() methods, wrap the response in a coroutine if
the view is async.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-09-29 16:28:44 +02:00
Mariusz Felisiak
19e6efa50b Fixed #34058 -- Changed sequence types when altering pre-Django 4.1 auto fields on PostgreSQL.
Thanks Anders Kaseorg for the report.

Thanks Florian Apolloner for pair programming.

Regression in 2eea361eff.
2022-09-29 13:20:14 +02:00
Adam Johnson
0f5b11eca0 Refs #34010 -- Made --debug-mode work for parallel tests using spawn.
Bug in 3b3f38b3b0.

Thanks Kevin Renskers for the report.
2022-09-28 19:39:25 +02:00
Adam Johnson
4a910f3de3 Fixed #34010 -- Made parallel tests using spawn set up Django.
Bug in 3b3f38b3b0.

Thanks Kevin Renskers for the report.
2022-09-28 19:39:25 +02:00
Paolo Melchiorre
fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
David Sanders
9976f3d4b8 Fixed #34025 -- Fixed selecting ModelAdmin.autocomplete_fields after adding/changing related instances via popups.
Regression in c72f6f36c1.

Thanks Alexandre da Silva for the report.
2022-09-28 11:28:01 +02:00
Jacob Walls
80d38de52b Fixed #34051 -- Made makemigrations --check exit before making migrations. 2022-09-28 09:48:07 +02:00
Carlton Gibson
f08651c06c Fixed typo in 4.1.2 release notes. 2022-09-27 09:50:01 +02:00
Carlton Gibson
c2bc71b635 Set date and added stub notes for 4.1.2, 4.0.8, and 3.2.16 releases. 2022-09-27 09:44:47 +02:00
Moshe Nahmias
d938b3b257 Fixed #34040 -- Removed autofocus from admin search box. 2022-09-26 21:06:48 +02:00
Florian Perucki
872b61193b Refs #34041 -- Added navigation landmark to breadcrumbs in admin.
Thanks Thibaud Colas for pair programming.
2022-09-26 08:51:15 +02:00
Jacob Walls
cfe3008123 Fixed typo in docs/releases/3.2.1.txt. 2022-09-19 05:19:01 +02:00
Alexander Kerkum
f88fc72da4 Fixed #34016 -- Fixed QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg().
Regression in e06dc4571e.
2022-09-17 19:38:20 +02:00
Allen Jonathan David
10178197d5 Fixed #33966 -- Added support for using KeyTextTransform from lookup. 2022-09-16 05:36:57 +02:00
David Sanders
e14d08cd89 Fixed #33996 -- Fixed CheckConstraint validation on NULL values.
Bug in 667105877e.

Thanks James Beith for the report.
2022-09-13 12:48:31 +02:00
Simon Charette
32536b1324 Fixed #33992 -- Fixed queryset crash when aggregating over a group containing Exists.
A more in-depth solution is likely to make sure that we always GROUP BY
selected annotations or revisit how we use Query.exists() in the Exists
expression but that requires extra work that isn't suitable for a
backport.

Regression in e5a92d400a.

Thanks Fernando Flores Villaça for the report.
2022-09-08 05:50:02 +02:00