mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-10 20:59:12 +00:00
Code Issues 32 Releases Wiki Activity
27,054 Commits 29 Branches 451 Tags
Commit Graph

27054 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Smith
9d13d8c10b [2.2.x] Fixed typo in release notes. 
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main.
 2022-02-02 07:20:28 +01:00
Mariusz Felisiak
047ece3014 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
 2022-02-01 08:54:34 +01:00
Mariusz Felisiak
2427b2fee3 [2.2.x] Post-release version bump. 2022-02-01 08:10:18 +01:00
Mariusz Felisiak
e541f2d05b [2.2.x] Bumped version for 2.2.27 release. 2.2.27 2022-02-01 08:07:46 +01:00
Mariusz Felisiak
c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
 2022-02-01 07:57:28 +01:00
Markus Holtermann
c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-02-01 07:56:29 +01:00
Mariusz Felisiak
4cafd3aacb [2.2.x] Added stub release notes 2.2.27. 
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
 2022-01-25 07:29:28 +01:00
Carlton Gibson
77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 
Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
 2022-01-04 11:39:54 +01:00
Carlton Gibson
e085d46e4b [2.2.x] Post-release version bump. 2022-01-04 10:36:12 +01:00
Carlton Gibson
44e7cca623 2.2.x] Bumped version for 2.2.26 release. 2.2.26 2022-01-04 10:30:01 +01:00
Florian Apolloner
4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:20:31 +01:00
Florian Apolloner
c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:20:31 +01:00
Florian Apolloner
2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:20:31 +01:00
Carlton Gibson
03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release. 2021-12-28 10:10:15 +01:00
Mariusz Felisiak
b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 
Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6.
Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main
 2021-12-15 18:56:38 +01:00
Mariusz Felisiak
573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive. 
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
 2021-12-07 08:56:25 +01:00
Mariusz Felisiak
8439938602 [2.2.x] Post-release version bump. 2021-12-07 07:05:38 +01:00
Mariusz Felisiak
79d8dcefb2 [2.2.x] Bumped version for 2.2.25 release. 2.2.25 2021-12-07 07:03:33 +01:00
Florian Apolloner
7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
 2021-12-07 07:02:14 +01:00
Mariusz Felisiak
0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds. 
Backport of 0cf2d48ba83543b16bdf390d941eb98e8d34f3bd from stable/3.2.x.
 2021-11-30 12:12:07 +01:00
Mariusz Felisiak
fac0fdd95d [2.2.x] Added stub release notes for 2.2.25. 
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main.
 2021-11-30 11:31:56 +01:00
Mariusz Felisiak
4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. 
See dd2ff3e911.
Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main
 2021-11-18 13:33:29 +01:00
Adam Johnson
5289fcfffe [2.2.x] Configured Read The Docs to build all formats. 
`all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable?
Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main
 2021-11-18 12:25:47 +01:00
Carlton Gibson
9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 
This pins Sphinx version, because the default Sphinx version used by
RTD is not compatible with Python 3.8+.

This also, sets Python 3.8 for RTD builds which is compatible with all
current versions of Django.

Thanks to Mariusz Felisiak for the suggestion.

Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main.
 2021-11-03 19:05:19 +01:00
Carlton Gibson
029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. 
Co-authored-by: Andrew Neitsch <andrew@neitsch.ca>

Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main
 2021-11-03 19:04:59 +01:00
Mariusz Felisiak
12141e3116
[2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. 
Follow up to 837ffcfa681d0f65f444d881ee3d69aec23770be.
 2021-11-03 08:42:27 +01:00
Mariusz Felisiak
cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist. 
Backport of e43a131887e2a316d4fb829c3a272ef0cbbeea80 from main
 2021-10-12 15:18:17 +02:00
Mariusz Felisiak
05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. 
Thanks Michał Górny for the report.

Backport of 50ed545e2fa02c51e0d1559b83624f256e4b499b from main.
 2021-09-02 11:06:10 +02:00
Mariusz Felisiak
a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs. 
According to DEP 0010.

Backport of f2ed2211c26ba375390cb76725c95ae970a0fd1d from main.
 2021-07-30 11:53:15 +02:00
Mariusz Felisiak
66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. 
According to DEP 0010.

Backport of 228ec8e015bac9751c8aef3107358fbb2cb3301b from main
 2021-07-30 11:52:46 +02:00
Mariusz Felisiak
d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs. 
According to DEP 0010.

Backport of caa2dd08c4722c8702588f5dfe1fa4c506aa66fc from main
 2021-07-30 11:52:43 +02:00
Mariusz Felisiak
8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 
Backport of 37e8367c359cd115f109d82f99ff32be219f4928 from main.
 2021-07-13 20:26:17 +02:00
Mariusz Felisiak
837ffcfa68
[2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. 2021-06-21 13:06:31 +02:00
Mariusz Felisiak
dc43667eab [2.2.x] Fixed docs header underlines in security archive. 
Backport of d9cee3f5f2f90938d2c2c0230be40c7d50aef53d from main
 2021-06-02 12:29:11 +02:00
Carlton Gibson
3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. 
Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main
 2021-06-02 11:19:59 +02:00
Carlton Gibson
48bde7cab4 [2.2.x] Post-release version bump. 2021-06-02 10:36:52 +02:00
Carlton Gibson
2da029d854 [2.2.x] Bumped version for 2.2.24 release. 2.2.24 2021-06-02 10:28:20 +02:00
Mariusz Felisiak
f27c38ab5d [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
 2021-06-02 10:26:22 +02:00
Florian Apolloner
053cc9534d [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:26:22 +02:00
Carlton Gibson
6229d8794f [2.2.x] Confirmed release date for Django 2.2.24. 
Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main.
 2021-06-02 10:23:20 +02:00
Carlton Gibson
f163ad5c63 [2.2.x] Added stub release notes and date for Django 2.2.24. 
Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main
 2021-05-26 10:21:53 +02:00
Mariusz Felisiak
bed1755bc5 [2.2.x] Changed IRC references to Libera.Chat. 
Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main.
 2021-05-20 12:42:48 +02:00
Mariusz Felisiak
63f0d7a0f6 [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fields.test_filefield tests on Python 3.5. 2021-05-14 06:59:11 +02:00
Mariusz Felisiak
5fe4970bd0 [2.2.x] Post-release version bump. 2021-05-13 09:22:34 +02:00
Mariusz Felisiak
61f814f9fa [2.2.x] Bumped version for 2.2.23 release. 2.2.23 2021-05-13 09:19:56 +02:00
Mariusz Felisiak
b8ecb06436 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.

Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main.
 2021-05-13 09:00:25 +02:00
Mariusz Felisiak
3ba089ac7e [2.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. 
Backport of d1f1417caed648db2f81a1ec28c47bf958c01958 from main.
 2021-05-12 10:44:25 +02:00
Mariusz Felisiak
88d9b28c0c [2.2.x] Added CVE-2021-32052 to security archive. 
Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
 2021-05-06 10:05:46 +02:00
Mariusz Felisiak
7ada1f90c6 [2.2.x] Post-release version bump. 2021-05-06 09:10:34 +02:00
Mariusz Felisiak
df9fd4661e [2.2.x] Bumped version for 2.2.22 release. 2.2.22 2021-05-06 09:08:28 +02:00