Matthias Kestenholz
d84200e4eb
Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for non-string RHS.
This change ensures SafeString addition operations handle non-string RHS
properly, allowing them to implement __radd__ for better compatibility.
2024-08-12 14:25:05 -03:00
Matthias Kestenholz
b5c048f5ec
Refs #35648 -- Added test for addition between SafeString and str in utils_tests.
2024-08-12 14:25:05 -03:00
Marc Picaud
b4c1569eae
Marked missing part of warning footer for translation in SelectFilter2.js.
2024-08-12 14:23:21 -03:00
Devin Cox
e03083917d
Fixed #35586 -- Added support for set-returning database functions.
Aggregation optimization didn't account for not referenced set-returning annotations on Postgres.
Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-12 15:35:19 +02:00
Mark Gensler
228128618b
Fixed #35575 -- Added support for constraint validation on GeneratedFields.
2024-08-12 13:45:57 +02:00
Mariusz Felisiak
f883bef054
Refs #35591 -- Removed hardcoded "stable" version in runserver warning.
2024-08-12 10:57:02 +02:00
lucasesposito
f16a9a556f
Fixed #35658 -- Initialized InMemoryFileNode instances with a name.
2024-08-09 12:27:15 +02:00
Andrew Miller
69aa13ffb9
Fixed #35591 -- Added unsuitable for production console warning to runserver.
2024-08-09 10:34:10 +02:00
Adam Johnson
9582745257
Fixed #35622 -- Made unittest ignore Django assertions in traceback frames.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-08 21:34:01 -03:00
Natalia
e1606d27b4
Added test for acheck_password() to ensure make_password is called for unusable passwords.
This is a follow up for the fix of CVE-2024-39329 (5d86458579) where the timing of
verify_password() was standardized when checking unusable passwords.
2024-08-08 12:53:36 -03:00
Jure Cuhalev
f8ef4579ea
Doc'd that SessionMiddleware is required for the admin site.
The system check "admin.E410" was already checking for this, but the
requirement was not listed in docs/ref/contrib/admin/index.txt.
2024-08-08 08:48:41 -03:00
Andrew Miller
cec62fb99e
Refs #35591 -- Emphasized that runserver is not suitable for production.
2024-08-08 10:08:53 +02:00
Adam Johnson
49815f70e4
Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Mariusz Felisiak
7fb15ad5bc
Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy.
Thanks Michał Górny for the report.
2024-08-08 09:53:04 +02:00
Matthias Kestenholz
54888408a1
Fixed #35639 -- Improved admin's delete confirmation page title.
2024-08-07 18:10:49 -03:00
Natalia
790f0f8868
Added stub release notes for 5.1.1.
2024-08-07 10:38:36 -03:00
Natalia
a05187fce6
Fixed i18n.tests.TranslationTests.test_plural to use correct French translation.
Forwardport of d5ad743e79 from stable/5.1.x.
2024-08-07 10:10:28 -03:00
Natalia
bdcf789553
Updated translations from Transifex.
Forwardport of 380c6e6ddd from stable/5.1.x.
2024-08-07 10:09:42 -03:00
Natalia
8ad6dc636b
Finalized release notes for Django 5.1.
2024-08-07 10:04:18 -03:00
Farhan
6993c9d8c9
Fixed #35553 -- Handled import*as in HashedFilesMixin.
2024-08-07 11:01:56 +02:00
Sarah Boyce
fdc638bf4a
Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive.
2024-08-06 17:22:46 +02:00
Simon Charette
c87bfaacf8
Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak
5f1757142f
Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
ecf1f8fb90
Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Sarah Boyce
c19465ad87
Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.
Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
8deb6bb1fc
Fixed #35657 -- Made FileField handle db_default values.
2024-08-05 16:36:49 -03:00
nessita
e9e14709ff
Extended script to manage translations to support fetching new translations since a given date.
2024-08-05 13:51:28 -03:00
David Sanders
509763c799
Fixed #35638 -- Updated validate_constraints to consider db_default.
2024-08-05 17:33:12 +02:00
David Sanders
91a038754b
Refs #35638 -- Avoided wrapping expressions with Value in _get_field_value_map() and renamed to _get_field_expression_map().
2024-08-05 17:33:12 +02:00
Mariusz Felisiak
304d256674
Used :pypi: role in docs where appropriate.
2024-08-05 10:35:50 -03:00
John Parton
7f8d839722
Fixed #35628 -- Allowed compatible GeneratedFields for ModelAdmin.date_hierarchy.
2024-08-05 15:27:20 +02:00
Natalia
90adba85b2
Refs #35380 -- Updated screenshots in admin docs.
2024-08-05 09:02:01 -03:00
Natalia
fb6050e784
Refs #35380 -- Updated screenshots in intro docs.
2024-08-05 09:02:01 -03:00
Natalia
6e66c77089
Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to improve accessibility of headings.
2024-08-05 09:02:01 -03:00
Jake Howard
d5bebc1c26
Refs #35537 -- Improved documentation and test coverage for email attachments and alternatives.
2024-08-05 09:21:44 +02:00
Sarah Boyce
5424151f96
Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on Oracle 23c."
This reverts commit 175b04942a due to a crash when Oracle > 23.3.
2024-08-03 09:05:30 +02:00
Mariusz Felisiak
6d3464cff0
Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs.
2024-08-02 17:40:53 -03:00
Simon Charette
a16f13a866
Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference containing "__".
Regression in b0ad41198b.
Refs #34013. The initial logic did not consider that annotation aliases
can include lookup or transform separators.
Thanks Gert Van Gool for the report and Mariusz Felisiak for the review.
2024-08-02 16:21:12 -03:00
lucasesposito
b478cae006
Fixed #35601 -- Added TelInput widget.
2024-08-02 11:31:54 +02:00
arjunomray
946c3cf734
Fixed #35599 -- Added ColorInput widget.
2024-08-02 09:51:49 +02:00
Vaarun Sinha
54e8b4e582
Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-02 08:56:54 +02:00
Markus Holtermann
aa90795050
Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat AUTH as a sensitive match.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-01 15:02:00 -03:00
Natalia
615c80aba6
Improved view_tests.tests.test_debug.ExceptionReporterFilterTests.
2024-08-01 15:02:00 -03:00
Bendeguz Csirmaz
1eac690d25
Refs #373 -- Added tuple lookups.
2024-08-01 17:26:09 +02:00
Sarah Boyce
3dac3271d2
Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL."
This reverts commit 9cf9c796be due to a crash on Oracle
as it didn't allow multiple indexes on the same field.
2024-08-01 09:25:33 +02:00
nessita
8cf931dd2f
Removed GitHub Actions for creating and checking reminders.
2024-07-31 10:07:57 -03:00
Jeremy Thompson
30a60e8492
Fixed #35598 -- Added SearchInput widget.
2024-07-31 13:11:45 +02:00
Sarah Boyce
3f88089069
Added stub release notes and release date for 5.0.8 and 4.2.15.
2024-07-31 11:21:32 +02:00
Ben Cail
9cf9c796be
Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL.
2024-07-30 17:27:10 +02:00
Maryam Yusuf
7e00fee3bd
Fixed #35546 -- Emphasised accepted ticket requirement in contributing docs.
2024-07-29 15:12:43 +02:00