Mariusz Felisiak
af10e97531
Added stub release notes for Django 3.2.8.
2021-09-01 09:48:32 +02:00
Carlton Gibson
947bdec60c
Added stub release notes for Django 3.2.7.
2021-08-02 08:41:29 +02:00
Mariusz Felisiak
bcea1a3193
Added stub release notes for Django 3.2.6.
2021-07-01 09:43:15 +02:00
Mariusz Felisiak
8e97698d7b
Added stub release notes for 3.1.13 and release date for 3.2.5.
2021-07-01 06:52:41 +02:00
Carlton Gibson
ba10772bf6
Added stub release notes for Django 3.2.5.
2021-06-02 11:25:32 +02:00
Carlton Gibson
b46dbd4e3e
Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-05-26 10:16:05 +02:00
Mariusz Felisiak
820408d842
Added stub release notes for Django 3.2.4.
2021-05-13 09:42:26 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
.
2021-05-13 08:53:44 +02:00
Mariusz Felisiak
29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Carlton Gibson
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Carlton Gibson
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
Mariusz Felisiak
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Mariusz Felisiak
e0f82d7992
Added stub release notes for 3.1.8.
2021-02-25 20:27:10 +01:00
Nick Pope
0ad9fa02e0
Refs CVE-2021-23336 -- Updated tests and release notes for affected versions.
2021-02-19 09:03:06 +01:00
Mariusz Felisiak
8d3c3a5717
Added stub release notes for 3.1.7.
2021-02-01 10:51:16 +01:00
Mariusz Felisiak
05413afa8c
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
Mariusz Felisiak
8774b1144c
Added stub release notes for 4.0.
2021-01-14 17:50:04 +01:00
Carlton Gibson
966ed414b2
Added stub release notes for 3.1.6.
2021-01-04 08:58:03 +01:00
Mariusz Felisiak
adb40d217e
Added stub release notes for 3.1.5.
2020-12-01 07:12:49 +01:00
Carlton Gibson
c8785b473f
Added stub release notes for 3.1.4.
2020-11-02 09:20:53 +01:00
Mariusz Felisiak
e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility.
2020-10-13 08:35:01 +02:00
Mariusz Felisiak
85fa24e3eb
Added stub release notes for 3.1.3.
2020-10-01 07:52:45 +02:00
Carlton Gibson
7a60670b78
Added stub release notes for 3.1.2.
2020-09-01 10:45:12 +02:00
Mariusz Felisiak
8a5683b6b2
Added stub release notes for 2.2.16 and 3.0.10.
2020-08-11 10:31:44 +02:00
Mariusz Felisiak
6c19230297
Added stub release notes for 3.1.1.
2020-08-04 10:34:38 +02:00
Mariusz Felisiak
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
Mariusz Felisiak
c2a835703f
Added stub release notes for 3.0.9.
2020-07-01 07:00:43 +02:00
Mariusz Felisiak
926148ef01
Fixed #31654 -- Fixed cache key validation messages.
2020-06-05 07:21:52 +02:00
Carlton Gibson
7ec2658e1e
Added stub release notes for 3.0.8.
2020-06-03 10:54:29 +02:00
Mariusz Felisiak
50798d4389
Added stub release notes for 2.2.13.
2020-05-14 06:22:54 +02:00
Mariusz Felisiak
3b94f12462
Added stub release notes for 3.2.
2020-05-13 09:07:51 +02:00
Mariusz Felisiak
8e8ff38cb8
Added stub release notes for 3.0.7.
2020-05-04 07:38:35 +02:00
Carlton Gibson
a7e4ff370c
Added stub release notes for 3.0.6.
2020-04-01 10:09:43 +02:00
Carlton Gibson
a4200e958d
Added stub release notes for 2.2.12.
2020-03-10 12:01:01 +01:00
Mariusz Felisiak
1b3a900a69
Added stub release notes for 3.0.5.
2020-03-04 10:56:07 +01:00
Mariusz Felisiak
6695d29b1c
Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
...
Thanks to Norbert Szetei for the report.
2020-03-04 09:04:50 +01:00
Mariusz Felisiak
7e8339748c
Added stub release notes for 2.2.11.
2020-02-10 08:18:58 +01:00
Carlton Gibson
273918c25b
Added stub release notes for 3.0.4.
2020-02-03 10:23:54 +01:00
Simon Charette
eb31d84532
Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-02-03 08:49:13 +01:00
Mariusz Felisiak
69331bb851
Added stub release notes for 3.0.3.
2020-01-02 08:36:08 +01:00
Mariusz Felisiak
50a69efb2e
Added stub release notes for 3.0.2.
2019-12-18 10:51:57 +01:00
Mariusz Felisiak
ec12c37384
Refs #31073 -- Added release notes for 02eff7ef60
.
2019-12-11 10:07:41 +01:00
Mariusz Felisiak
908c67e719
Added stub release notes for 3.0.1.
2019-12-02 21:43:59 +01:00
Mariusz Felisiak
e9def97d10
Added stub release notes for 2.1.15.
2019-11-19 12:33:39 +01:00
Mariusz Felisiak
30359496a3
Added stub release notes for 2.2.8 release.
2019-11-12 14:37:59 +01:00
Mariusz Felisiak
84322a29ce
Added stub release notes for 1.11.26 and 2.1.14.
2019-10-02 07:49:47 +02:00
Carlton Gibson
e1c1eaf0c6
Added stub release notes for 2.2.7.
2019-10-01 10:43:30 +02:00
Mariusz Felisiak
bd7e0f81f8
Added stub release notes for 1.11.25 and 2.1.13.
2019-09-16 07:37:47 +02:00
Mariusz Felisiak
32796826bb
Added stub release notes for 3.1.
2019-09-10 12:00:56 +02:00
Mariusz Felisiak
0d4529d314
Added stub release notes for 2.2.6.
2019-09-04 08:02:32 +02:00
Mariusz Felisiak
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mariusz Felisiak
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
Carlton Gibson
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
Mariusz Felisiak
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
Mariusz Felisiak
30b3ee9d0b
Added stub release notes for security releases.
2019-07-01 06:57:27 +02:00
Mariusz Felisiak
1f81e2df69
Added stub release notes for 2.2.3.
2019-06-05 06:57:44 +02:00
Carlton Gibson
98c0fe19ee
Added stub release notes for security releases.
2019-06-03 10:48:52 +02:00
Mariusz Felisiak
30dd43884e
Added stub release notes for 2.2.2.
2019-05-08 14:41:16 +02:00
Mariusz Felisiak
e6588aa4e7
Added stub release notes for 2.2.1.
2019-04-03 08:26:05 +02:00
Tim Graham
e245046bb6
Added stub 2.1.8 release notes.
2019-03-30 12:55:30 -04:00
Tim Graham
1b8f552b08
Refs #30177 -- Forwardported 2.0.13 release notes.
2019-02-11 15:45:04 -05:00
Carlton Gibson
b39bd0aa6d
Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
2019-02-11 15:46:33 +01:00
Carlton Gibson
5cc6f02f91
Added stub release notes for security releases.
2019-02-07 15:46:53 +01:00
Tim Graham
eb0ce6fa36
Added stub release notes for 3.0.
2019-01-17 10:50:25 -05:00
Tim Graham
36fceeec88
Added stub 2.1.6 release notes.
2019-01-08 08:57:22 -05:00
Tom Hacohen
1ecc0a395b
Fixed #30070 , CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
...
Co-Authored-By: Tim Graham <timograham@gmail.com>
2019-01-03 21:21:55 -05:00
Carlton Gibson
196b420fcb
Added stub release notes for 2.1.5 release.
2018-12-04 16:21:38 +01:00
Carlton Gibson
74ddd0e83b
Added stub release notes for 2.1.4 release.
2018-11-01 15:48:28 +01:00
Carlton Gibson
dc28c0faf3
Added stub release notes for 2.1.3 release.
2018-10-01 11:48:11 +02:00
Carlton Gibson
2e86710dac
Added stub release notes for 2.0.10 release.
2018-10-01 11:46:38 +02:00
Carlton Gibson
7040e638b9
Added stub release notes for 1.11.17 release.
2018-10-01 11:44:36 +02:00
Carlton Gibson
728ee98cd3
Added stub release notes for 2.1.2.
2018-08-31 11:01:29 +02:00
Michael Sanders
271542dad1
Fixed #29499 -- Fixed race condition in QuerySet.update_or_create().
...
A race condition happened when the object didn't already exist and
another process/thread created the object before update_or_create()
did and then attempted to update the object, also before update_or_create()
saved the object. The update by the other process/thread could be lost.
2018-08-02 17:07:48 -04:00
Tim Graham
25dd595742
Added stub release notes for 2.1.1.
2018-08-01 11:13:37 -04:00
Tim Graham
7dbe7aa0b6
Added stub release notes for security releases.
2018-08-01 09:28:42 -04:00
Tim Graham
2c3f198946
Added stub release notes for 2.0.8.
2018-07-03 20:05:53 -04:00
Carlton Gibson
acae120680
Added stub release notes for 2.0.6.
2018-06-08 08:40:04 +02:00
Tim Graham
8a6fcfdc77
Added stub release notes for 1.11.14.
2018-05-31 10:15:39 -04:00
Tim Graham
74a313942c
Added stub 2.2 release notes.
2018-05-17 11:05:40 -04:00
Tim Graham
c02953ebbc
Added stub release notes for 2.0.6.
2018-05-01 22:01:48 -04:00
Tim Graham
b2678468ae
Added stub release notes for 1.11.13.
2018-04-03 15:03:44 -04:00
Tim Graham
87639adcd1
Added stub release notes for 2.0.5.
2018-04-02 23:05:29 -04:00
Tim Graham
8d67c7cffd
Added stub release notes for 1.11.12.
2018-03-19 09:49:16 -04:00
Tim Graham
f0d6f01fbe
Added stub release notes for 2.0.4.
2018-03-06 13:25:20 -05:00
Tim Graham
4d2a2c83c7
Added stub release notes for security releases.
2018-03-06 08:30:34 -05:00
Simon Charette
7515e1f3fc
Added stub release notes for 2.0.3.
2018-02-05 10:12:47 -05:00
Tim Graham
cea5fe94c6
Added stub release notes for 1.11.10.
2018-01-13 09:18:13 -05:00
Tim Graham
0f5a741ada
Added stub release notes for 2.0.2.
2018-01-01 20:09:48 -05:00
Tim Graham
dfeb19121b
Added stub release notes for 1.11.9.
2017-12-05 10:54:33 -05:00
Tim Graham
450c933fff
Added stub release notes for 2.0.1.
2017-12-02 10:41:35 -05:00
Tim Graham
ef718a72b3
Added stub release notes for 1.11.8.
2017-11-01 21:33:51 -04:00
Tim Graham
fd4698fe3f
Added stub release notes for 1.11.7.
2017-10-05 14:44:50 -04:00
Tim Graham
deb592b3e3
Added stub 2.1 release notes.
2017-09-22 12:51:17 -04:00
Tim Graham
1b86088f6f
Added stub release notes for 1.11.6.
2017-09-05 16:13:46 -04:00
Tim Graham
73b6d02747
Added stub release notes for security releases.
2017-09-05 10:58:38 -04:00
Tim Graham
53d2534b38
Added stub release notes for 1.11.5.
2017-08-01 08:46:23 -04:00
Tim Graham
2328f2faf8
Added stub release notes for 1.11.4.
2017-07-01 19:37:43 -04:00
Tim Graham
4ef093b0b4
Added stub release notes for 1.11.3.
2017-06-01 11:19:43 -04:00