mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Code Issues 32 Releases Wiki Activity
31,720 Commits 30 Branches 460 Tags
c5d196a65264136ee6795356871a29f3d22ec52f
Commit Graph

13374 Commits

Author SHA1 Message Date
Natalia
8e59e33400 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive. 
Backport of e095c7612d from main.
 2024-07-09 12:00:22 -03:00
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant(). 
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
 2024-07-09 10:40:50 -03:00
Natalia
2b00edc015 [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method. 
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
 2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords. 
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
 2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00
Sarah Boyce
b46b94e66c [4.2.x] Added release notes for 4.2.13. 
Backport of 90175e110e from main.
 2024-05-07 17:35:16 +02:00
Sarah Boyce
3f9c8fc1f9 [4.2.x] Added release date for 4.2.12. 
Backport of 34a503162f from main.
 2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin." 
This reverts commit 0fc832676c.
 2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin. 
Backport of bdd76c4c38 from main.
 2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12. 
Backport of cd823778e6 from main.
 2024-04-12 15:07:36 +02:00
Natalia
27c32cc991 [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e. 
Backport of 42435fc55c from main.
 2024-04-10 18:29:33 +02:00
Mariusz Felisiak
a76c52b19a [4.2.x] Added CVE-2024-27351 to security archive. 
Backport of da39ae4b5f from main
 2024-03-04 10:12:58 +01:00
Shai Berger
3c9a2771cc [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words(). 
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139 [4.2.x] Added release date for 4.2.11 and 3.2.25. 
Backport of 977d254169 from main
 2024-02-26 08:29:04 +01:00
Mariusz Felisiak
cb173bb088 [4.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8.

Backport of 2f14c2cedc from main.
 2024-02-08 11:00:36 +01:00
Natalia
227ef29cff [4.2.x] Added CVE-2024-24680 to security archive. 
Backport of c650c1412d from main
 2024-02-06 12:16:50 -03:00
Adam Johnson
572ea07e84 [4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
 2024-02-06 09:56:20 -03:00
nessita
9fe7411235 [4.2.x] Pinned black == 23.12.1 for blacken-docs checks. 2024-01-30 05:47:27 +01:00
Natalia
74582b8d11 [4.2.x] Added stub release notes for 4.2.10 and 3.2.24. 
Backport of 06d0a1bd56 from main
 2024-01-29 12:09:52 -03:00
Mariusz Felisiak
0a4c5e56b4 [4.2.x] Added release date for 4.2.9. 
Backport of f82a2c3b3d from main.
 2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813 [4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line. 
Thanks James Gillard for the report.

Regression in 729266c6f2.

Backport of 4aae864463 from main
 2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb [4.2.x] Added stub release notes for 4.2.9. 
Backport of 464af0975c from main
 2023-12-05 06:12:20 +01:00
Mariusz Felisiak
52e28e5fbf [4.2.x] Added release date for 4.2.8. 
Backport of 8fcb9f1f10 from main
 2023-12-04 09:25:56 +01:00
Mariusz Felisiak
6e2d9f0aa8 [4.2.x] Fixed #35006 -- Fixed migrations crash when altering Meta.db_table_comment on SQLite. 
Thanks Юрий for the report.

Regression in 78f163a4fb.
Backport of 37fc832a54 from main
 2023-11-30 10:11:28 +01:00
Adam Johnson
5b698cbcf1 [4.2.x] Removed link to lawrence.com in contrib.sites docs. 
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac58901 from main
 2023-11-28 20:12:09 +01:00
Tom Carrick
bd0ea8c2ba [4.2.x] Fixed #34982 -- Fixed admin's read-only password widget and help texts alignment for tablet screen size. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 729266c6f2 from main
 2023-11-27 15:20:59 -03:00
Mariusz Felisiak
cdb14cc18b [4.2.x] Fixed #34978, Refs #31331 -- Added backward incompatibility note about raw aggregations on MySQL. 
Thanks Matthew Somerville for the report.

Backport of a652f07596 from main
 2023-11-27 12:44:18 -03:00
Nathaniel Conroy
450d518d2f [4.2.x] Fixed #34992 -- Fixed DatabaseFeatures.allows_group_by_selected_pks on MariaDB with ONLY_FULL_GROUP_BY sql mode. 
Regression in 041551d716.

Backport of 0257426fe1 from main.
 2023-11-27 10:35:56 +01:00
Tom Carrick
bac9e94ace [4.2.x] Fixed #34994 -- Fixed checkbox layout in admin's change page for narrow screen widths. 
Regression in d687febce5.

Backport of a89c715c3b from main
 2023-11-23 16:57:21 -03:00
Tom Carrick
3d943c4f55 [4.2.x] Fixed #34991 -- Fixed pagination links and input layout in admin's change list page when using list_editable. 
Regression in b4817d20b9.

Thanks Tom Carrick for the report and fix.

Backport of 4eb9c3d90a from main
 2023-11-23 10:22:34 -03:00
Simon Charette
cf95de9d24 [4.2.x] Fixed #34987 -- Fixed queryset crash when mixing aggregate and window annotations. 
Regression in f387d024fc.

Just like `OrderByList` the `ExpressionList` expression used to wrap
`Window.partition_by` must implement `get_group_by_cols` to ensure the
necessary grouping when mixing window expressions with aggregate
annotations is performed against the partition members and not the
partition expression itself.

This is necessary because while `partition_by` is implemented as
a source expression of `Window` it's actually a fragment of the WINDOW
expression at the SQL level and thus it should result in a group by its
members and not the sum of them.

Thanks ElRoberto538 for the report.
Backport of e76cc93b01 from main
 2023-11-23 06:10:24 +01:00
Tim Schilling
6d7313bc87 [4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs. 
The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44 from main
 2023-11-23 05:28:43 +01:00
Mariusz Felisiak
9afeb6b9b6 [4.2.x] Refs #34118 -- Doc'd Python 3.12 compatibility in Django 4.2.x. 
Backport of ecfea054ee from main.
 2023-11-19 16:38:33 +01:00
Simon Charette
acf4cee951 [4.2.x] Fixed #34975 -- Fixed crash of conditional aggregate() over aggregations. 
Adjustments made to solve_lookup_type to defer the resolving of
references for summarized aggregates failed to account for similar
requirements for lookup values which can also reference annotations
through Aggregate.filter.

Regression in b181cae2e3.

Refs #25307.

Thanks Sergey Nesterenko for the report.

Backport of 7530cf3900 from main
 2023-11-18 16:53:24 +01:00
Markus Amalthea Magnuson
47f9b8dca1 [4.2.x] Fixed #34970 -- Clarified Password Validation docs regarding the password_changed callback. 
Backport of 61c305f298 from main
 2023-11-15 21:51:32 -03:00
Giannis Terzopoulos
f1e004012f [4.2.x] Removed obsolete sentence in custom model field docs. 
Backport of 36ed45d27c from main
 2023-11-15 13:53:03 +01:00
William Hayes
e9acdff462 [4.2.x] Refs #33690 -- Added missing data-theme selector to example in theming support docs. 
Backport of 640283711e from main
 2023-11-15 05:28:17 +01:00
Adam Johnson
90c3d71dfe [4.2.x] Fixed #34457 -- Restored output for makemigrations --check. 
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07 from main
 2023-11-09 11:05:54 -03:00
Patrick Rauscher
3d2370607d [4.2.x] Fixed #34813 -- Doc'd usage of integrity HTML attribute with ManifestStaticFilesStorage. 
Backport of 116e225266 from main
 2023-11-02 08:27:06 -03:00
Mariusz Felisiak
ce44eaf6d0 [4.2.x] Added stub release notes for 4.2.8. 
Backport of 36173cf29d from main
 2023-11-01 08:25:36 +01:00
Mariusz Felisiak
e4c9703ec6 [4.2.x] Added CVE-2023-46695 to security archive. 
Backport of 7caf262183 from main
 2023-11-01 08:17:50 +01:00
Mariusz Felisiak
048a9ebb6e [4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
 2023-11-01 06:19:20 +01:00
Natalia
3fae5d92da [4.2.x] Refs #30601 -- Fixed typos in docs/topics/db/transactions.txt. 
Backport of 9b18af4f6f from main
 2023-10-30 13:50:20 -03:00
Natalia
a8aa94062b [4.2.x] Refs #15578 -- Made cosmetic edits to fixtures docs. 
Backport of b412e5645a from main
 2023-10-30 10:33:40 -03:00
Tom Carrick
109f39a38b [4.2.x] Fixed #34932 -- Restored varchar_pattern_ops/text_pattern_ops index creation when deterministic collaction is set. 
Regression in f3f9d03edf (4.2) and
8ed25d65ea (5.0).

Backport of 34b411762b from main.
 2023-10-30 11:14:08 +01:00
Sarah Boyce
61612990d8 [4.2.x] Fixed typos in docs/ref/models/expressions.txt. 
Backport of 8992a0489c from main
 2023-10-28 14:22:30 +02:00
lufafajoshua
696fbc32d6 [4.2.x] Fixed #30601 -- Doc'd the need to manually revert all app state on transaction rollbacks. 
Backport of aa80b357fb from main
 2023-10-27 23:33:45 -03:00
Izzy Hyman
ffba63180c [4.2.x] Fixed typo in docs/ref/contrib/gis/geos.txt. 
Backport of c42250a703 from main
 2023-10-27 05:32:47 +02:00
Leo Suarez
43a3646070 [4.2.x] Fixed #15578 -- Stated the processing order of fixtures in the fixtures docs. 
Also, added details about loading multiple fixtures and unified line wrapping
at 79 cols.

Co-Authored-By: Aniketh Babu <anikethbabu@gmail.com>
Co-Authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-Authored-By: Natalia Bidart <124304+nessita@users.noreply.github.com>

Backport of 334dc073b1 from main
 2023-10-26 21:52:24 -03:00