mirror of https://github.com/django/django.git synced 2025-01-30 20:19:22 +00:00

4509 Commits

Author SHA1 Message Date
Mariusz Felisiak
ce44eaf6d0 [4.2.x] Added stub release notes for 4.2.8.
Backport of 36173cf29d6ad0b0f0cd24326834dddfff2db7f3 from main
2023-11-01 08:25:36 +01:00
Mariusz Felisiak
e4c9703ec6 [4.2.x] Added CVE-2023-46695 to security archive.
Backport of 7caf2621833a45cdfe7e6e305e4885ecc8d79744 from main
2023-11-01 08:17:50 +01:00
Mariusz Felisiak
048a9ebb6e [4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-11-01 06:19:20 +01:00
Tom Carrick
109f39a38b [4.2.x] Fixed -- Restored varchar_pattern_ops/text_pattern_ops index creation when deterministic collation is set.
Regression in f3f9d03edf17ccfa17263c7efa0b1350d1ac9278 (4.2) and
8ed25d65ea7546fafd808086fa07e7e5bb5428fc (5.0).

Backport of 34b411762b50883d768d7b67e0a158ec39da8b09 from main.
2023-10-30 11:14:08 +01:00
Mariusz Felisiak
0cd8b867a0 [4.2.x] Added stub release notes and release date for 4.2.7, 4.1.13, and 3.2.23.
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main
2023-10-25 05:43:24 +02:00
Claire Pritchard
510a512119 [4.2.x] Fixed typo in docs/releases/4.2.txt.
Backport of 61cc0e6f2c5115415e70e0a7eddd59b7c2aed40d from main
2023-10-22 11:03:08 +02:00
Simon Charette
803caec60b [4.2.x] Fixed -- Fixed QuerySet.aggregate() crash when referencing expressions containing subqueries.
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7,
complements e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4.

Refs , .

Thanks Haldun Komsuoglu for the report.

Backport of 3b4a571275d967512866012955eb0b3ae486d63c from main
2023-10-16 06:15:36 +02:00
Adam Johnson
caec4f4a6f [4.2.x] Refs -- Improved release note describing index regression.
Backport of 73b2c63127297e214d3bfdc8d9a96837691fc2a0 from main
2023-10-15 10:28:07 +02:00
Mariusz Felisiak
0bd53ab86a [4.2.x] Added backticks to setuptools in docs.
Backport of 54b23b1835a8044c35754525dfcf2c3027d79aa8 from main
2023-10-09 09:57:35 +02:00
Natalia
9962f94a97 [4.2.x] Added CVE-2023-43665 to security archive.
Backport of 4e790271e3e65c9ad037b347a34fa95e11982228 from main
2023-10-04 13:09:25 -03:00
Natalia
b2d95bb301 [4.2.x] Added stub release notes for 4.2.7.
Backport of 034457941abf33b194cb145443575bf7fb454faf from main
2023-10-04 13:09:11 -03:00
Natalia
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:39:49 -03:00
Natalia
39fc3f46a8 [4.2.x] Added stub release notes and release date for 4.2.6, 4.1.12, and 3.2.22.
Backport of 5e4b75b78a7a84bc30170c2b8e7434525e745c1b from main
2023-09-27 14:27:44 -03:00
Mariusz Felisiak
a148461f1f [4.2.x] Fixed -- Avoided casting string base fields on PostgreSQL.
Thanks Alex Vandiver for the report.

Regression in 09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca.

Backport of 779cd28acb1f7eb06f629c0ea4ded99b5ebb670a from main.
2023-09-22 06:07:19 +02:00
Mariusz Felisiak
97e8a2afb1 [4.2.x] Fixed -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings from mutating the main STORAGES.
Regression in 6b965c600054f970bdf94017ecf2e0e6e0a4326b.
Backport of a7c73b944f51d6c92ec876fd7e0a171e7c01657d from main
2023-09-11 13:04:55 +02:00
Mariusz Felisiak
592ebd8920 [4.2.x] Added stub release notes for 4.2.6.
Backport of a534835c7b4cf1556638edd39acde7b2b88c8892 from main
2023-09-04 13:25:56 +02:00
Mariusz Felisiak
a1dd785139 [4.2.x] Added CVE-2023-41164 to security archive.
Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main
2023-09-04 13:17:59 +02:00
Mariusz Felisiak
9c51b4dcfa [4.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-09-04 12:05:35 +02:00
willzhao
acfb427522 [4.2.x] Fixed -- Fixed queryset crash when filtering against deeply nested OuterRef annotations.
Thanks Pierre-Nicolas Rigal for the report.

Regression in c67ea79aa981ae82595d89f8018a41fcd842e7c9.

Backport of 9cc0d7f7f85cecc3ad15bbc471fe6a08e4f515b6 from main
2023-09-01 11:25:00 +02:00
Mariusz Felisiak
55a0b9c32e [4.2.x] Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21.
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main
2023-08-28 06:14:50 +02:00
Juan Alvarez
46b2b08e45 [4.2.x] Fixed -- Avoided unnecessary selection of non-nullable m2m fields without natural keys during serialization.
By using `select_related(None)` instead of `select_related()`, the
unnecessary joins are completely avoided. Note that the current tests
already cover the change, when the field is not `null=True`.

Regression in f9936deed1ff13b20e18bd9ca2b0750b52706b6c.

Backport of 517d3bb4dd17e9c51690c98d747b86a0ed8b2fbf from main
2023-08-19 11:23:59 +02:00
Mariusz Felisiak
d34db6602e [4.2.x] Fixed -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings with STORAGES.
Thanks Petr Dlouhý for the report.

Bug in 32940d390a00a30a6409282d314d617667892841.
Backport of 6b965c600054f970bdf94017ecf2e0e6e0a4326b from main
2023-08-18 18:12:30 +02:00
Simon Charette
3a1863319c [4.2.x] Fixed -- Fixed JSONField check constraints validation on NULL values.
The __isnull lookup of JSONField must special case
Value(None, JSONField()) left-hand-side in order to be coherent with
its convoluted null handling.

Since psycopg>=3 offers no way to pass a NULL::jsonb the issue is
resolved by optimizing IsNull(Value(None), True | False) to
True | False.

Regression in 5c23d9f0c32f166c81ecb6f3f01d5077a6084318.

Thanks Alexandre Collet for the report.

Backport of 3434dbd39d373df7193ad006b970c09c1a909ea3 from main
2023-08-04 10:58:53 +02:00
Natalia
a750fd0d7f [4.2.x] Added stub release notes for 4.2.5.
Backport of 24068058a63c506c300629fcc491601abc968926 from main
2023-08-01 14:56:34 -03:00
Natalia
e53d6239df [4.2.x] Added release date for 4.2.4.
Backport of c8d7a5491e002c7e5ae9b8453b3263ecf43dde33 from main
2023-08-01 13:47:01 -03:00
Mariusz Felisiak
8808d9da6b [4.2.x] Fixed -- Fixed QuerySet.count() when grouping by unused multi-valued annotations.
Thanks Toan Vuong for the report.
Thanks Simon Charette for the review.

Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7.
Backport of c9b9a52edc66be117c6e5b5214fa788a4d5db7a8 from main
2023-08-01 16:17:06 +02:00
Simon Charette
739da73164 [4.2.x] Fixed -- Fixed queryset crash when grouping by a reference in a subquery.
Regression in dd68af62b2b27ece50d434f6a351877212e15c3f.

Thanks Toan Vuong for the report.

Backport of 4087367ba869be9cf305dac39a8887d4aa4041d2 from main
2023-07-30 07:51:52 +02:00
Mariusz Felisiak
1f9d00ef9f [4.2.x] Added missing backticks in docs.
Backport of 02376f1f53db24039c200ef4818d96accf16a88b from main
2023-07-21 12:55:10 +02:00
Simon Charette
7a67b065d7 [4.2.x] Fixed -- Fixed QuerySet.aggregate() crash when referencing window functions.
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7.

Refs .

Thanks younes-chaoui for the report.

Backport of 68912e4f6f84f21322f92a2c7b6c77f68f91b9c9 from main
2023-07-19 09:06:16 +02:00
Mariusz Felisiak
047844270b [4.2.x] Added stub release notes for 4.2.4.
Backport of 393b8324b390aef428016f93b3cb30228d38dc87 from main
2023-07-03 10:38:20 +02:00
Mariusz Felisiak
9549819d37 [4.2.x] Added CVE-2023-36053 to security archive.
Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main
2023-07-03 10:26:42 +02:00
Mariusz Felisiak
b7c5feb35a [4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:19:23 +02:00
Mariusz Felisiak
9ab56e64de [4.2.x] Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20.
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
2023-06-26 14:36:06 +02:00
Neeraj Kumar
9e9a286bed [4.2.x] Fixed -- Fixed admin change list selected row highlight on editable boolean fields.
Regression in 0aa2f16e63887d6053f6fd0da19254fc74c750ae.

Thanks Andrei Shabanski for the report.

Backport of 1d9d32389c652edc56ada65116d39789896f4820 from main.
2023-06-11 19:28:50 +02:00
Mariusz Felisiak
31d1fc36b3 [4.2.x] Fixed -- Restored alignment for admin date/time timezone warnings.
Regression in 96a598356a9ea8c2c05b22cadc12e256a3b295fd.
Backport of caf80cb41f13e84803a94928282cae75333bbdfc from main
2023-06-09 21:37:50 +02:00
nessita
b2355a8df3 [4.2.x] Added stub release notes for 4.2.3.
Backport of e26d1a91d7de6e9d44655dc4fc6a99654a0dd925 from main
2023-06-05 14:59:06 -03:00
Natalia
e84d38ab36 [4.2.x] Added release date for 4.2.2.
Backport of 0faad0193815c5f07a08dba4eaa04193ca9eb268 from main
2023-06-05 08:26:28 -03:00
Mariusz Felisiak
87a4cd559b [4.2.x] Fixed -- Fixed serialization crash on m2m fields without natural keys when base querysets use select_related().
Regression in 19e0587ee596debf77540d6a08ccb6507e60b6a7.

Thanks Martin Svoboda for the report.
Backport of f9936deed1ff13b20e18bd9ca2b0750b52706b6c from main
2023-06-04 20:49:40 +02:00
Simon Charette
738386470d [4.2.x] Fixed -- Fixed QuerySet.only() crash on reverse relationships.
Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879.

Thanks Ian Cubitt for the report.

This also corrected test_inheritance_deferred2() test which was
previously properly defined and marked as an expected failure but was
then wrongly adjusted to mask the lack of support for per-alias
deferral that was fixed by .

Backport of 2cf76f2d5d1aa16acfadaf53db3d30128a34b088 from main
2023-06-01 20:27:06 +01:00
David Sanders
91f8df5c2e [4.2.x] Fixed -- Reverted "Refs -- Improved adapting DecimalField values to decimal."
This reverts 7990d254b0af158baf827fafbd90fe8e890f23bd.

Thanks Marc Odermatt for the report.
Backport of 0c1518ee429b01c145cf5b34eab01b0b92f8c246 from main
2023-05-24 11:00:21 +02:00
Simon Charette
c78a4421de [4.2.x] Fixed -- Fixed QuerySet.aggregate() crash when referencing subqueries.
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7.

Refs .

Thanks Denis Roldán and Mariusz for the test.

Backport of e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4 from main
2023-05-23 07:39:24 +02:00
Simon Charette
57f499e412 [4.2.x] Refs -- Fixed QuerySet.aggregate() crash on preceding aggregation reference.
Regression in 1297c0d0d76a708017fe196b61a0ab324df76954.

Refs .

Backport of 2ee01747c32a7275a7a1a5f7862acba7db764921 from main
2023-05-23 07:39:18 +02:00
Sarah Boyce
37ba4c3a94 [4.2.x] Fixed references to django.core.cache in docs.
Backport of c3862735cd8c268e99fb8d54c3955aacc4f2dc25 from main
2023-05-22 14:02:28 +02:00
gtleee
6b76481fb9 [4.2.x] Fixed -- Removed usage of nonexistent stylesheet in the 'Congrats' page.
Regression in d46cc15c51219c3418e0287bf018c5ba1346f825.

Backport of 0a324f1b66b9b948041b1c557fc18b3fb40743c4 from main
2023-05-22 11:52:03 +02:00
Simon Charette
e1c00f8b36 [4.2.x] Fixed -- Avoided unnecessary computation of selected expressions in SQLCompiler.
Performance regression in 278881e37619278789942513916acafaa88d26f3.

Co-authored-by: David Smith <smithdc@gmail.com>

Backport of 98f6ada0e2058d67d91fb6c16482411ec2ca0967 from main
2023-05-22 07:57:05 +02:00
Mariusz Felisiak
cdd970ae22 [4.2.x] Fixed -- Made makemigrations --update respect --name option.
Thanks David Sanders for the report.
Backport of c52f4295f254e1c14af769d22b1a5f516a941f58 from main
2023-05-17 13:15:30 +02:00
Simon Charette
201d29b371 [4.2.x] Fixed -- Silenced noop deferral of many-to-many and GFK.
While deferring many-to-many and GFK has no effect, the previous
implementation of QuerySet.defer() ignored them instead of crashing.

Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879.

Thanks Paco Martínez for the report.

Backport of 99e5dff737cd20b12d060e4794e097063b61ec40 from main
2023-05-17 08:39:44 +02:00
Julie Rymer
9c301814b0 [4.2.x] Fixed -- Restored get_prep_value() call when adapting JSONFields.
Regression in 5c23d9f0c32f166c81ecb6f3f01d5077a6084318.

Backport of 0ec60661e61b153e6bcec64649b1b7f524eb3e18 from main
2023-05-16 11:02:33 +02:00
Mariusz Felisiak
e0d8981139 [4.2.x] Fixed -- Avoided DBMS_LOB.SUBSTR() wrapping with IS NULL condition on Oracle.
Regression in 09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca.

Thanks Michael Smith for the report.

This also reverts commit 1e4da439556cdd69eb9f91e07f99cf77997e70d2.
Backport of 1586a09b7949bbb7b0d84cb74ce1cadc25cbb355 from main
2023-05-08 19:35:20 +02:00
Mariusz Felisiak
2756c69601 [4.2.x] Added CVE-2023-31047 to security archive.
Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main
2023-05-03 15:21:47 +02:00