mirror of https://github.com/django/django.git synced 2025-01-19 06:43:15 +00:00

4425 Commits

Author SHA1 Message Date
Mariusz Felisiak
836ae73a89 [4.2.x] Fixed #34319 -- Fixed Model.validate_constraints() crash on ValidationError with no code.
Thanks Mateusz Kurowski for the report.

Regression in 667105877e6723c6985399803a364848891513cc.
Backport of 2fd755b361d3da2cd0440fc9839feb2bb69b027b from main
2023-02-08 16:39:53 +01:00
Carlton Gibson
600b88db4c [4.2.x] Added stub release notes for 4.0.10 and 3.2.18.
Set date for 4.1.7 release.

Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:10:22 +01:00
Mariusz Felisiak
9a1848f48c [4.2.x] Increased the default PBKDF2 iterations for Django 4.2.
See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2.

Thanks Markus Holtermann for the report.
2023-02-04 13:36:06 +01:00
Mariusz Felisiak
ba7d8ac37d [4.2.x] Added stub release notes for 4.1.7.
Backport of f3c89744cc801cc7d134bca9958c4a74aa76380f from main
2023-02-01 13:22:00 +01:00
Mariusz Felisiak
379b37171b [4.2.x] Added CVE-2023-23969 to security archive.
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01 12:10:03 +01:00
Nick Pope
8a7b22d4a6 [4.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:45:07 +01:00
Mariusz Felisiak
719a14badc [4.2.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e6723c6985399803a364848891513cc.
Backport of 2b1242abb3989f5d74e787b09132d01bcbee5b55 from main
2023-01-26 09:32:14 +01:00
Carlton Gibson
d43fbdf6f1 [4.2.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:26:40 +01:00
Carlton Gibson
50432e3fd5 [4.2.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 11:58:35 +01:00
John Whitlock
a3771c8229 [4.2.x] Fixed typo in docs/releases/4.2.txt.
Backport of d54717118360e8679aa2bd0c5a1625f3e84712ba from main
2023-01-17 19:28:19 +01:00
Mariusz Felisiak
1452e7cb7f [4.2.x] Doc'd that 4.2 is LTS.
Backport of 2785e121c7eb941202565343d3880da6ba5aa21d from main
2023-01-17 19:25:44 +01:00
Mariusz Felisiak
2cbb3c9135 [4.2.x] Removed remaining empty sections from 4.2 release notes.
Follow up to 772cd2b15b158679b9dc15fb599aa935ec7c25b1.
Backport of a209f6625936cff2c714e99735782663dc95218f from main
2023-01-17 14:05:51 +01:00
Sébastien Corbin
57680658f3 [4.2.x] Fixed #34264 -- Moved release note about session cookies into error reporting section.
Backport of e2964fed1761981ff7e5c60762e954f307cf7969 from main
2023-01-17 13:09:47 +01:00
Mariusz Felisiak
e734cccea0 Made cosmetic edits to docs/releases/4.2.txt. 2023-01-17 08:51:17 +01:00
Mariusz Felisiak
772cd2b15b Removed empty sections from 4.2 release notes. 2023-01-17 08:51:17 +01:00
Mariusz Felisiak
0e2649fdf4 Fixed #34255 -- Made PostgreSQL backend use client-side parameters binding with psycopg version 3.
Thanks Guillaume Andreu Sabater for the report.

Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
2023-01-17 08:24:08 +01:00
Mariusz Felisiak
c8a76059ff Refs #34255 -- Bumped required psycopg version to 3.1.8. 2023-01-17 08:24:08 +01:00
Steven
4b7016866a Fixed "nulls characters" typo in docs. 2023-01-16 07:54:00 +01:00
Leo
5da5f3773e Fixed #34234 -- Dropped support for PROJ 4. 2023-01-13 12:31:41 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Jarosław Wygoda
1ec3f0961f Fixed #26029 -- Allowed configuring custom file storage backends. 2023-01-12 06:20:57 +01:00
Mariusz Felisiak
552384fa97 Refs #31014 -- Added FromWKB and FromWKT GIS database functions.
Co-authored-by: Ondřej Böhm <ondrej.bohm@firma.seznam.cz>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2023-01-10 11:51:09 +01:00
Francesco Panico
72efd840a8 Fixed #34110 -- Added in-memory file storage.
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Nick Pope
b47f2f5b90 Fixed #33865 -- Optimized LimitedStream wrapper.
The current implementation of LimitedStream is slow because .read()
performs an extra copy into a buffer and .readline() performs two
extra copies. The stream being wrapped is already typically a BytesIO
object so this is unnecessary.

This implementation has largely been untouched for 12 years and,
inspired by a simpler implementation in werkzeug, it was possible to
achieve the following performance improvement:

LimitedStream.read() (single line):
  Mean +- std dev: [bench_limitedstream-main] 286 ns +- 6 ns
  -> [bench_limitedstream-patch] 227 ns +- 6 ns: 1.26x faster
LimitedStream.readline() (single line):
  Mean +- std dev: [bench_limitedstream-main] 507 ns +- 11 ns
  -> [bench_limitedstream-patch] 232 ns +- 8 ns: 2.18x faster
LimitedStream.read(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 360 ns +- 8 ns
  -> [bench_limitedstream-patch] 297 ns +- 6 ns: 1.21x faster
LimitedStream.readline(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 602 ns +- 10 ns
  -> [bench_limitedstream-patch] 305 ns +- 10 ns: 1.98x faster
LimitedStream.read() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 290 ns +- 5 ns
  -> [bench_limitedstream-patch] 236 ns +- 6 ns: 1.23x faster
LimitedStream.readline() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 517 ns +- 19 ns
  -> [bench_limitedstream-patch] 239 ns +- 7 ns: 2.16x faster
LimitedStream.read(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 363 ns +- 8 ns
  -> [bench_limitedstream-patch] 311 ns +- 11 ns: 1.17x faster
LimitedStream.readline(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 601 ns +- 12 ns
  -> [bench_limitedstream-patch] 308 ns +- 7 ns: 1.95x faster

Geometric mean: 1.59x faster
2023-01-05 19:26:56 +01:00
Mariusz Felisiak
63d1cb0092 Refs #32355 -- Bumped minimum supported versions of 3rd-party packages.
This bumps minimum supported versions of 3rd-party packages to the first
releases to support Python 3.8.
2023-01-05 18:09:33 +01:00
Mariusz Felisiak
7d9329935a Refs #32355 -- Bumped mysqlclient requirement to >= 1.4.3.
mysqlclient 1.4.3 is the first release to support Python 3.8.
2023-01-05 16:34:14 +01:00
Mariusz Felisiak
5cf9ff970e Fixed #33961 -- Updated admin's jQuery to 3.6.3. 2023-01-04 11:28:09 +01:00
Mike Crute
0b78ac3fc7 Fixed #34200 -- Made the session role configurable on PostgreSQL. 2023-01-03 09:30:53 +01:00
Claude Paroz
2a14b8df39 Fixed #33783 -- Added IsEmpty GIS database function and __isempty lookup on PostGIS. 2023-01-03 05:47:44 +01:00
Florian Apolloner
afa2e28205 Fixed #34235 -- Added ManifestFilesMixin.manifest_hash attribute.
This adds ManifestFilesMixin.manifest_hash attribute exposing a "hash"
of the full manifest. This allows applications to determine when their
static files have changed.
2023-01-02 09:53:52 +01:00
Mariusz Felisiak
75500feecd Added stub release notes for 4.1.6. 2023-01-02 08:50:33 +01:00
Mariusz Felisiak
174d8157b5 Added release date for 4.1.5. 2023-01-02 08:10:59 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
Claude Paroz
1833eb3f3e Upgraded OpenLayers to v.7.2.2. 2022-12-29 08:30:30 +01:00
Adrian Torres
7eee1dca42 Fixed #14094 -- Added support for unlimited CharField on PostgreSQL.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-12-28 12:31:04 +01:00
kimsoungryoul
78f163a4fb Fixed #18468 -- Added support for comments on columns and tables.
Thanks Jared Chung, Tom Carrick, David Smith, Nick Pope, and Mariusz
Felisiak for reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2022-12-28 06:28:07 +01:00
Carlton Gibson
0bd2c0c901 Fixed #33735 -- Added async support to StreamingHttpResponse.
Thanks to Florian Vazelle for initial exploratory work, and to Nick
Pope and Mariusz Felisiak for review.
2022-12-22 10:41:12 +01:00
Mariusz Felisiak
2d676ee119 Updated translations from Transifex.
Updated Bulgarian, Esperanto, Hungarian, Japanese, Macedonian, Persian,
Portuguese (Brazil), Russian, Spanish, and Turkmen translations.

Forwardport of 46b28bbe151282e9198b719d00f84b48c92606ba from stable/4.1.x.
2022-12-20 19:34:59 +01:00
Carlton Gibson
32d70b2f55 Refs #34118 -- Adopted asgiref coroutine detection shims.
Thanks to Mariusz Felisiak for review.
2022-12-20 11:10:48 +01:00
Roxane
289e9a75af Fixed #33662 -- Allowed Sitemap to customize languages for each item. 2022-12-19 12:51:52 +01:00
Andreas Pelme
ab7a85ac29 Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. 2022-12-17 08:46:37 +01:00
Daniele Varrazzo
09ffc5c121 Fixed #33308 -- Added support for psycopg version 3.
Thanks Simon Charette, Tim Graham, and Adam Johnson for reviews.

Co-authored-by: Florian Apolloner <florian@apolloner.eu>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-12-15 06:17:57 +01:00
James Gillard
c5ed884eab Fixed #34205 -- Fixed Meta.constraints validation crash with ArrayField and __len lookup.
Regression in 88fc9e2826044110b7b22577a227f122fe9c1fb5 that began
manifesting in Django 4.1.
2022-12-10 17:46:13 +01:00
SirAbhi13
b8738aea14 Fixed #33199 -- Deprecated passing positional arguments to Signer/TimestampSigner.
Thanks Jacob Walls for the implementation idea.
2022-12-09 12:44:48 +01:00
Mariusz Felisiak
cbc0fb3705 Made inspectdb use Cursor.description.display_size for CharFields' max_length.
internal_size is size for fixed-size types not for char types.
2022-12-08 09:00:35 +01:00
Mariusz Felisiak
95a101a690 Fixed #34201 -- Bumped minimum supported SQLite to 3.21.0. 2022-12-08 05:53:18 +01:00
James Bligh
e44d348c99 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
Co-authored-by: James Bligh <james.bligh@silvercloudhealth.com>
2022-12-07 10:56:00 +01:00
Carlton Gibson
845a5db38f Added stub release notes for 4.1.5. 2022-12-06 10:20:27 +01:00
Carlton Gibson
f4a053a294 Added release date for 4.1.4. 2022-12-06 09:56:43 +01:00
Mariusz Felisiak
514884e9a5 Updated various links to HTTPS and new locations. 2022-12-06 05:59:43 +01:00