1
0
mirror of https://github.com/django/django.git synced 2025-03-14 11:20:46 +00:00

13980 Commits

Author SHA1 Message Date
Sarah Boyce
8dbb44d342 [5.1.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.
Thanks sw0rd1ight for the report.

Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
2025-03-06 09:42:06 +01:00
hesham942
d7dc1f6db0 [5.1.x] Fixed typo in docs/ref/checks.txt.
Backport of 8f942f1c1dbf4222c8ca48253f7959366ed1bb60 from main.
2025-03-05 16:23:43 +01:00
hesham942
dbd94e7ac9 [5.1.x] Fixed #36227 -- Fixed outdated PostgreSQL documentation links.
Backport of 3ecaa85a247373d7ccbcdd593b3fd4bb701f7674 from main.
2025-03-05 15:18:24 +01:00
Clifford Gama
cc405e1546 [5.1.x] Fixed #36128 -- Clarified auto-generated unique constraint on m2m through models.
Backport of ae2736ca3bf4c6a27e23ee95530ad965b550d4cc from main.
2025-03-04 13:08:01 +01:00
antoliny0919
03ace756ea [5.1.x] Fixed #36217 -- Restored pre_save/post_save signal emission via LogEntry.save() for single-object deletion in the admin.
Regression in 40b3975e7d3e1464a733c69171ad7d38f8814280.

Thanks smiling-watermelon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of c09bceef68e5abb79accedd12dade16aa6577a09 from main.
2025-03-04 10:38:15 +01:00
Tim Graham
76a9f12b60 [5.1.x] Added some heading labels to to docs/topics/cache.txt.
Backport of 6d1cf5375f6fbc1496095d2356357c3b08a46324 from main
2025-03-02 19:56:11 +01:00
Sarah Boyce
558c616c95 [5.1.x] Added stub release notes and release date for 5.1.7, 5.0.13, and 4.2.20.
Backport of ea1e3703bee28bfbe4f32ceb39ad31763353b143 from main.
2025-02-27 16:08:13 +01:00
Sarah Boyce
11243cc8f3 [5.1.x] Added security guideline on reasonable size limitations when rendering content via the DTL.
This also removes the need to add warnings for every Django template filter.

Backport of 582ba18d56167587e290545f113d3956e73a5801 from main.
2025-02-24 08:59:00 +01:00
Sarah Boyce
b80288a16d [5.1.x] Added security reporting guidelines.
Backport of 59353360590202fab04067e23214a825157c524b from main.
2025-02-24 08:58:11 +01:00
Sarah Boyce
ce8dd44285 [5.1.x] Updated expectations for when security reports will receive a reply.
Backport of cecb76a942e4c9df518df098b1e62778cfe20f06 from main.
2025-02-24 08:57:25 +01:00
Joonas Häkkinen
914cde19c2 [5.1.x] Fixed #36200 -- Clarified MIDDLEWARE setting updates when using a custom RemoteUserMiddleware.
Backport of 87c5de3b7f2316aa17353d74f54e6ff19013d049 from main.
2025-02-20 16:16:29 +01:00
Adam Zapletal
f8b72f8547 [5.1.x] Clarified admonition in GeneratedField docs.
Backport of 43766c70bd2939771b7f37104866316faa34606b from main.
2025-02-20 14:43:22 +01:00
Sarah Boyce
481b82802d [5.1.x] Fixed #35908 -- Retired the django-developers and django-users mailing lists.
Co-authored-by: Chaitanya Rahalkar <chaitanyarahalkar@squareup.com>

Backport of 86493307f97b9795a74227b6af2d59a267160847 from main.
2025-02-19 12:18:12 +01:00
Mariusz Felisiak
e479ccb064 [5.1.x] Fixed docs build on Sphinx 8.2+.
Backport of 2684a383bc67149ceea93cb1b99c8492b4614dcd from main.
2025-02-19 09:47:40 +01:00
Sarah Boyce
8c8e2a81b7 [5.1.x] Removed advice to propose a new contrib app.
Backport of 9d22a7d8f0e814a596ecbeb6efd051262f6a03e3 from main.
2025-02-18 16:12:57 +01:00
Simon Charette
8488074fe3 [5.1.x] Fixed #36197 -- Fixed improper many-to-many count() and exists() for non-pk to_field.
Regression in 66e47ac69a7e71cf32eee312d05668d8f1ba24bb.

Thanks mfontana-elem for the report and Sarah for the tests.

Backport of c3a23aa02faa1cf1d32e43d66858e793cd9ecac4 from main.
2025-02-18 11:45:45 +01:00
Gaël Utard
a9d03c4094 [5.1.x] Fixed #36191 -- Truncated the overwritten file content in FileSystemStorage.
Backport of 0d1dd6bba0c18b7feb6caa5cbd8df80fbac54afd from main.
2025-02-17 14:06:03 +01:00
Simon Charette
20e965e869 [5.1.x] Refs #35967 -- Doc'd DatabaseCreation.serialize_db_to_string() method.
Backport of 99ac8e2589ea978c1c80ff66b4536814121f77dd from main
2025-02-16 13:46:34 +01:00
Luke Cousins
391fde9e54 [5.1.x] Corrected wording in docs/ref/models/constraints.txt.
Backport of 579a1c99962c8697053974a70de635a997be63dc from main.
2025-02-14 15:21:40 +01:00
Jaime Terreu
58eec456a2 [5.1.x] Fixed typo in docs/ref/databases.txt.
Backport of d87bb0eb3ee4ca141c6fa251e6c2c97050e6c92c from main.
2025-02-14 15:18:02 +01:00
Sarah Boyce
65113401f1 [5.1.x] Fixed #36182 -- Returned "?" if all parameters are removed in querystring template tag.
Thank you to David Feeley for the report and Natalia Bidart for the review.

Backport of 05002c153c5018e4429a326a6699c7c45e5ea957 from main.
2025-02-13 15:57:56 +01:00
Mariusz Felisiak
861f9a2427 [5.1.x] Specified "django" repository for twine call in docs/internals/howto-release-django.txt.
It's necessary to specify a repository for `.pypirc` user configurations
with multiple per-project PyPI tokens.

Follow up to 26aedbbc0835df83140c7424df62bda03382f598.

Backport of 0dc61495b2217e9c5a872ac967dfcf197d342c84 from main.
2025-02-10 22:56:33 -03:00
Natalia
e7a9d20380 [5.1.x] Added stub release notes for 5.1.7.
Backport of e2a8f4dac8ed2b3667a4367756043b1e119f4ce2 from main.
2025-02-05 11:21:56 -03:00
Natalia
df27e43234 [5.1.x] Added release date for 5.1.6, 5.0.12, and 4.2.19.
Backport of 294cc965efe0dfc8457aa5a8e78cb6d53abfcf92 from main.
2025-02-05 10:40:13 -03:00
amirreza sohrabi far
4a04944f07 [5.1.x] Clarified docs for default email value in UserManager.create_user().
Backport of 5da3ad7bf90fba7321f4c2834db44aa920c70bc7 from main.
2025-02-04 16:35:44 -03:00
nessita
b814f4ccaa [5.1.x] Refs #35612 -- Extended docs on how the security team evaluates reports.
Co-authored-by: Shai Berger <shai@platonix.com>

Backport of f609a2da868b2320ecdc0551df3cca360d5b5bc3 from main.
2025-02-04 08:56:06 -03:00
nessita
8552eef95e [5.1.x] Fixed #36140 -- Allowed BaseUserCreationForm to define non required password fields.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.

Thanks buffgecko12 for the report and Sarah Boyce for the review.

Backport of d15454a6e84a595ffc8dc1b926282f484f782a8f from main.
2025-02-01 22:51:06 -03:00
Mike Edmunds
76b4fb74ce [5.1.x] Fixed #36162 -- Fixed the black Makefile docs rule to work on macOS.
The `make black` target in the docs directory used Linux-specific
syntax for its `find` command. Changed to syntax that also works
on macOS and other BSD Unix variants.
Backport of 248d8457cbec631ef93d76137bc621106347adda from main.
2025-02-01 22:29:22 -03:00
nessita
173edebf7f
[5.1.x] Corrected ArrayAgg example for ordering usage. 2025-01-30 14:50:47 -03:00
nessita
4f0169e94f [5.1.x] Tweaked docs to avoid reformatting given new black version.
Backport of fd3cfd80bebad292d639a03e58632e494369eb92 from main.
2025-01-30 10:39:08 -03:00
Sarah Boyce
9d1945df8f [5.1.x] Clarified the Releaser's discretion for determining and postponing the release date.
Backport of 8a6b4175d790424312965ec77e4e9b072fba188b from main.
2025-01-28 18:20:30 +01:00
Sarah Boyce
3c1f94d70f [5.1.x] Updated the release process documentation to reflect the current process.
Backport of 0ba35a49481c9fec4731ca0dd2230d8d48f51389 from main.
2025-01-28 11:35:22 +01:00
Clifford Gama
8ad0d09a00 [5.1.x] Fixed ambiguous pronoun reference in docs/ref/models/fields.txt.
Backport of 9cc3970eaaf603832c075618e61aea9ea430f719 from main.
2025-01-24 18:48:07 +01:00
Baptiste Mispelon
230df91150 [5.1.x] Fixed #36125 -- Switched docs to use chat.djangoproject.com when referencing the Discord server.
Backport of 9a1f18635ff034b039c24ed5121cced028fc27d0 from main.
2025-01-22 18:24:02 -03:00
Igor Scheller
9213226286 [5.1.x] Refs 35653 -- Clarified docs for EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE settings.
Backport of 136a1e89278070fd100f27d9519529be8a8a8c10 from main.
2025-01-21 19:35:54 -03:00
Mariusz Felisiak
db5630763d [5.1.x] Refs #32193 -- Updated python-memcached to pymemcache in contributing guide.
Follow up to 05f3a6186efefc9fca2204a745b992501c6fd91f.
Backport of 337c641abb36b3c2501b14e1290b800831bb20ad from main
2025-01-20 22:45:49 +01:00
Mariusz Felisiak
c81669cb54 [5.1.x] Fixed #36098 -- Fixed validate_ipv6_address()/validate_ipv46_address() crash for non-string values.
Regression in ca2be7724e1244a4cb723de40a070f873c6e94bf.

Backport of b3c5830769d8a5dbf2f974da7116fe503c9454d9 from main.
2025-01-15 13:47:13 -03:00
Natalia
dd2247d5fd [5.1.x] Added CVE-2024-56374 to security archive.
Backport of f2a1dcaa53626ff11b921ef142b780a8fd746d32 from main.
2025-01-14 11:39:03 -03:00
Natalia
7b8fca716d [5.1.x] Added stub release notes for 5.1.6.
Backport of 3b46bea90933b8fb24f4ddfa8a3943032a5a370e from main.
2025-01-14 11:34:16 -03:00
Michael Manfre
4806731e58 [5.1.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-01-14 08:44:20 -03:00
Natalia
d6749de927 [5.1.x] Made cosmetic edits to 5.1.5 release notes.
Backport of 9a2dd9789a2edeed7344a8ec0d17142ad27443a1 from main.
2025-01-14 08:34:40 -03:00
Jacob Walls
b325864686 [5.1.x] Fixed #36077 -- Corrected docs on pk value where Model.save() executes an UPDATE.
The empty string is no longer special-cased since
c2ba59fc1da5287d6286e2c2aca4083d5bafe056.

Backport of d66137b39b1503ca3d4d4fac687251adbc845068 from main.
2025-01-13 11:20:05 +01:00
Sarah Boyce
8d81c4730f [5.1.x] Fixed #35999 -- Removed #django IRC channel references where appropriate.
Some references are replaced with links to the Django Discord server.

Backport of 15e207ce80581ec64bd790c37cce1bc07d01a744 from main.
2025-01-08 10:29:52 +01:00
Carlton Gibson
6b9d5ac69c [5.1.x] Strengthened wording on supported Python versions in FAQ.
Backport of 007f14365988bd94c35dc34959c1ef4c2407c86f from main.
2025-01-08 10:29:05 +01:00
Natalia
0966cc7364 [5.1.x] Added stub release notes and release date for 5.1.5, 5.0.11, and 4.2.18.
Backport of 53e21eebf22bc05c7fa30820b453b7f345b7af40 from main.
2025-01-07 12:32:08 -03:00
Clifford Gama
638547bc0b [5.1.x] Fixed typo in tutorial 5.
Backport of 095f5db060b88f5ef248d6a656b9059a54d4f277 from main.
2025-01-07 11:03:01 -03:00
Andrés Reverón Molina
2ee6ca6d35 [5.1.x] Fixed #34856 -- Fixed references to index_together in historical migrations.
While AlterUniqueTogether has been documented to be still allowed in historical
migrations for the foreseeable future it has been crashing since 2abf417c815c20
was merged because the latter removed support for Meta.index_together which the
migration framework uses to render models to perform schema changes.

CreateModel(options["unique_together"]) was also affected.

Refs #27236.

Co-authored-by: Simon Charette <charette.s@gmail.com>

Backport of b44efdfe543c9b9f12690b59777e6b275cb08103 from main.
2024-12-17 10:01:51 +01:00
amansharma612
5f4252ecd6 [5.1.x] Removed links to outdated tools in docs/topics/performance.txt.
Co-authored-by: Aman Sharma <210100011@iitb.ac.in>

Backport of 6f38697f90a14f1450a71c1e40aea0f5df7dca86 from main.
2024-12-11 16:55:14 -03:00
Sarah Boyce
65e8c8f776 [5.1.x] Cleaned up CVE-2024-53907 and CVE-2024-53908 security archive descriptions.
Backport of eb665e076ca3417eb0ac654aed9e9c1853c5af84 from main.
2024-12-04 17:01:12 +01:00
Sarah Boyce
d972812d82 [5.1.x] Added CVE-2024-53907 and CVE-2024-53908 to security archive.
Backport of 595cb4a7aeb1ba1770d10d601ce9a2b4e487c46e from main.
2024-12-04 16:31:03 +01:00