mirror of https://github.com/django/django.git synced 2025-01-10 10:26:34 +00:00
Commit Graph

12 Commits

Author SHA1 Message Date
Adam Johnson
55519d6cf8 Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
2024-02-06 09:07:31 -03:00
Simon Charette
e67d7d70fa Fixed #35149 -- Fixed crashes of db_default with unresolvable output field.
Field.db_default accepts either literal Python values or compilables
(as_sql) and wraps the former ones in Value internally.

While 1e38f11 added support for automatic resolving of output fields for
types such as str, int, float, and other unambiguous ones, it cannot do
so for all types such as dict or even contrib.postgres and contrib.gis
primitives.

When a literal, non-compilable, value is provided it likely makes the
most sense to bind its output field to the field it's attached to, to avoid
forcing the user to provide an explicit `Value(output_field)`.

Thanks David Sanders for the report.
2024-02-04 09:39:41 +01:00
Simon Charette
dfc77637ea Fixed #35162 -- Fixed crash when adding fields with db_default on MySQL.
MySQL doesn't allow literal DEFAULT values to be used for BLOB, TEXT,
GEOMETRY or JSON columns and requires an expression to be used instead.

Regression in 7414704e88.
2024-02-03 22:47:40 +01:00
James Thorniley
11393ab131 Fixed #35059 -- Ensured that ASGIHandler always sends the request_finished signal.
Prior to this work, when async tasks that process the request are cancelled due
to receiving an early "http.disconnect" ASGI message, the request_finished
signal was not being sent, potentially leading to resource leaks (such as
database connections).

This branch ensures that the request_finished signal is sent even in the case
of early termination of the response.

Regression in 64cea1e48f.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2024-01-31 14:40:57 -03:00
Mariusz Felisiak
38eaf2f21a Fixed #35159 -- Fixed dumpdata crash when base querysets use prefetch_related().
Regression in 1391356276 following deprecation in edbf930287.

Thanks Andrea F for the report.
2024-01-31 16:10:05 +01:00
Nicolas Delaby
820c5f1bac Fixed #35135 -- Made FilteredRelation raise ValueError on querysets as rhs.
Regression in 59f4754704.
2024-01-29 20:29:49 +01:00
Natalia
06d0a1bd56 Added stub release notes and release date for 5.0.2, 4.2.10, and 3.2.24.
2024-01-29 11:41:53 -03:00
Claude Paroz
41aaf5aafa Updated translations from Transifex.
Forwardport of 3cc35aafab from stable/5.0.x.
2024-01-29 06:10:52 +01:00
Mariusz Felisiak
4879907223 Fixed #35127 -- Made Model.full_clean() ignore GeneratedFields.
Thanks Claude Paroz for the report.

Regression in f333e3513e.
2024-01-19 08:55:50 +01:00
Salvo Polizzi
10c7c7320b Fixed #35121 -- Corrected color for links in the admin.
Thanks Collin Anderson for the report.

Regression in 6ad2738a8f.
2024-01-18 12:22:06 +01:00
Sarah Boyce
a9094ec1f4 Fixed #35087 -- Reallowed filtering against foreign keys not listed in ModelAdmin.list_filters.
Regression in f80669d2f5.
2024-01-08 09:21:54 +01:00
Mariusz Felisiak
f412add786 Added stub release notes for 5.0.2.
2024-01-02 10:29:47 +01:00