1
0
mirror of https://github.com/django/django.git synced 2024-12-27 03:25:58 +00:00
Commit Graph

252 Commits

Author SHA1 Message Date
Mariusz Felisiak
ba7d8ac37d [4.2.x] Added stub release notes for 4.1.7.
Backport of f3c89744cc from main
2023-02-01 13:22:00 +01:00
Carlton Gibson
d43fbdf6f1 [4.2.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of d8e1442ce2 from main
2023-01-25 12:26:40 +01:00
Carlton Gibson
50432e3fd5 [4.2.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of 1df963ad24 from main
2023-01-25 11:58:35 +01:00
Mariusz Felisiak
75500feecd Added stub release notes for 4.1.6. 2023-01-02 08:50:33 +01:00
Carlton Gibson
845a5db38f Added stub release notes for 4.1.5. 2022-12-06 10:20:27 +01:00
Mariusz Felisiak
c765b62e32 Added stub release notes for 4.1.4. 2022-11-01 07:27:30 +01:00
Carlton Gibson
7a08927323 Added stub release notes for 4.1.3 release. 2022-10-04 09:49:23 +02:00
Carlton Gibson
c2bc71b635 Set date and added stub notes for 4.1.2, 4.0.8, and 3.2.16 releases. 2022-09-27 09:44:47 +02:00
Mariusz Felisiak
604fadde11 Added stub release notes for 4.1.2. 2022-09-05 06:02:40 +02:00
Carlton Gibson
09e837c5d9 Added stub release notes for 4.1.1. 2022-08-03 10:52:38 +02:00
Carlton Gibson
0c1675781e Added release date and stub release notes for 4.0.7 and 3.2.15 releases. 2022-07-27 09:23:40 +02:00
Mariusz Felisiak
c6932ea2ea Added stub release notes for 4.0.7. 2022-07-04 10:06:07 +02:00
Mariusz Felisiak
b2eff16806 Added stub release notes and release date for 4.0.6 and 3.2.14. 2022-06-27 07:13:26 +02:00
Carlton Gibson
d5bc362030 Added stub release notes for 4.0.6. 2022-06-01 14:36:22 +02:00
Carlton Gibson
d10e569ea5 Added stub release notes for 4.2. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
Carlton Gibson
9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Mariusz Felisiak
ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak
eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Carlton Gibson
f38c66b555 Added stub release notes for Django 4.0.2. 2022-01-04 11:10:53 +01:00
Carlton Gibson
b13d920b7b Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 2021-12-28 08:47:33 +01:00
Mariusz Felisiak
adef3d975e Added stub release notes for 4.0.1. 2021-12-07 10:41:32 +01:00
Mariusz Felisiak
ae4077e13e Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 2021-11-30 11:25:00 +01:00
Mariusz Felisiak
d811fa1d10 Added stub release notes for Django 3.2.10. 2021-11-01 10:41:06 +01:00
Carlton Gibson
c113f7fb0d Added stub release notes for Django 3.2.9. 2021-10-05 09:39:20 +02:00
Mariusz Felisiak
810bca5a1a Added stub release notes for 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak
af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Carlton Gibson
947bdec60c Added stub release notes for Django 3.2.7. 2021-08-02 08:41:29 +02:00
Mariusz Felisiak
bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak
8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
Carlton Gibson
ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson
b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Mariusz Felisiak
820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Mariusz Felisiak
29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Carlton Gibson
5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Carlton Gibson
df0a9e6d5c Added stub release notes for Django 3.2.1. 2021-04-06 11:49:48 +02:00
Mariusz Felisiak
d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Mariusz Felisiak
e0f82d7992 Added stub release notes for 3.1.8. 2021-02-25 20:27:10 +01:00
Nick Pope
0ad9fa02e0 Refs CVE-2021-23336 -- Updated tests and release notes for affected versions. 2021-02-19 09:03:06 +01:00
Mariusz Felisiak
8d3c3a5717 Added stub release notes for 3.1.7. 2021-02-01 10:51:16 +01:00
Mariusz Felisiak
05413afa8c Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
Mariusz Felisiak
8774b1144c Added stub release notes for 4.0. 2021-01-14 17:50:04 +01:00
Carlton Gibson
966ed414b2 Added stub release notes for 3.1.6. 2021-01-04 08:58:03 +01:00
Mariusz Felisiak
adb40d217e Added stub release notes for 3.1.5. 2020-12-01 07:12:49 +01:00
Carlton Gibson
c8785b473f Added stub release notes for 3.1.4. 2020-11-02 09:20:53 +01:00
Mariusz Felisiak
e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00