1
0
mirror of https://github.com/django/django.git synced 2025-01-19 06:43:15 +00:00

12 Commits

Author SHA1 Message Date
Dan Palmer
2c82414914 Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends. 2020-06-03 09:24:26 +02:00
Jon Dufresne
2dd4d110c1 Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdWidget. 2020-06-03 09:23:00 +02:00
Carlton Gibson
81dc710571 Added release date for 2.2.13 and 3.0.7. 2020-06-03 09:13:16 +02:00
Carlton Gibson
0daddf093f
Refs #31485 -- Added release notes for backport of jQuery upgrade to 3.5.1. 2020-06-02 14:32:43 +02:00
Carlton Gibson
dd1ca50b09 Fixed #31570 -- Corrected translation loading for apps providing territorial language variants with different plural equations.
Regression in e3e48b00127c09eafe6439d980a82fc5c591b673.

Thanks to Shai Berger for report, reproduce and suggested fix.
2020-06-01 08:38:54 +02:00
Carlton Gibson
9d55ae00d3 Updated expected release dates for 3.0.7 and 2.2.13. 2020-05-27 10:19:15 +02:00
Mariusz Felisiak
8328811f04
Refs #31607 -- Added release notes for a125da6a7c79b1d4c55677d0bed6f9b1d7d77353. 2020-05-20 09:18:19 +02:00
Mariusz Felisiak
3a941230c8
Fixed #31584 -- Fixed crash when chaining values()/values_list() after Exists() annotation and aggregation on Oracle.
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the GROUP BY clause.

Regression in efa1908f662c19038a944129c81462485c4a9fe8.
2020-05-14 15:07:08 +02:00
Simon Charette
adfbf653dc Fixed #31568 -- Fixed alias reference when aggregating over multiple subqueries.
691def10a0197d83d2d108bd9043b0916d0f09b4 made all Subquery() instances
equal to each other which broke aggregation subquery pushdown which
relied on object equality to determine which alias it should select.

Subquery.__eq__() will be fixed in an another commit but
Query.rewrite_cols() should haved used object identity from the start.

Refs #30727, #30188.

Thanks Makina Corpus for the report.
2020-05-14 09:31:15 +02:00
Simon Charette
42c08ee465 Fixed #31566 -- Fixed aliases crash when chaining values()/values_list() after annotate() with aggregations and subqueries.
Subquery annotation references must be resolved if they are excluded
from the GROUP BY clause by a following .values() call.

Regression in fb3f034f1c63160c0ff13c609acd01c18be12f80.

Thanks Makina Corpus for the report.
2020-05-14 08:16:16 +02:00
Mariusz Felisiak
b73e66e758
Fixed #31538 -- Fixed Meta.ordering validation lookups that are not transforms.
Regression in 440505cb2cadbe1a5b9fba246bcde6c04f51d07e.

Thanks Simon Meers for the report.
2020-05-05 09:08:29 +02:00
Mariusz Felisiak
8e8ff38cb8 Added stub release notes for 3.0.7. 2020-05-04 07:38:35 +02:00