mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-21 07:44:36 +00:00
Code Issues 32 Releases Wiki Activity
29,290 Commits 29 Branches 441 Tags
Commit Graph

3889 Commits

Author SHA1 Message Date
Florian Apolloner
c98f446c18 [3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:43:52 +02:00
Carlton Gibson
bac416972d [3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated. 
Backport of 907d3a7ff4e12ad4ccc86af26a728007fe4d6fa2 from main
 2021-04-29 15:14:15 +02:00
Simon Charette
d5add5d3a2 [3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction. 
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94.

Backport of c8b659430556dca0b2fe27cf2ea0f8290dbafecd from main
 2021-04-28 20:27:42 +02:00
Konstantin Alekseev
55cb3c8ac1 [3.2.x] Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL. 
Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3.

Backport of 6e742dabc95b00ba896434293556adeb4dbaee8a from main.
 2021-04-27 12:02:06 +02:00
Mariusz Felisiak
34981f399a [3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates. 
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d
revealed a possible data loss issue in the admin.

Backport of 187118203197801c6cb72dc8b06b714b23b6dd3d from main
 2021-04-27 10:39:55 +02:00
Zain Patel
0dfe88eaba [3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template. 
Regression in 84609b3205905097d7d3038d32e6101f012c0619.

Backport of 4e5bbb6ef2287126badd32842b239f4a8a7394ca from main.
 2021-04-26 12:52:33 +02:00
Simon Charette
48e19bae49 [3.2.x] Fixed #32650 -- Fixed handling subquery aliasing on queryset combination. 
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but
sql.Query.combine never properly handled subqueries outer refs in the
first place, see QuerySetBitwiseOperationTests.test_subquery_aliases()
(refs #27149).

Thanks Raffaele Salmaso for the report.

Backport of 6d0cbe42c3d382e5393d4af48185c546bb0ada1f from main
 2021-04-21 10:32:39 +02:00
Mariusz Felisiak
1cc2eaf02d [3.2.x] Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples. 
Thanks Jared Lockhart for the report.

Regression in c36075ac1dddfa986340b1a5e15fe48833322372.
Backport of 34d1905712d33e72c76b3a55a4fc24abbd11be6c from main
 2021-04-21 09:42:43 +02:00
Carlton Gibson
54d5bfa9c5 [3.2.x] Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist. 
Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b.

Backport of 5c73fbb6a93ee214678f02ba4027f18dff49337b from main
 2021-04-21 09:08:34 +02:00
Florian Apolloner
539d005aa5 [3.2.x] Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format. 
Thanks Jan Pieter Waagmeester for the report.

Regression in 2d6179c819010f6a9d00835d5893c4593c0b85a0.

Backport of 4511d1459810037b91faa5b506e4f75c77aa72be from main.
 2021-04-15 07:58:48 +02:00
Mariusz Felisiak
208e72276a [3.2.x] Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB. 
Thanks Matt Westcott for the report.

Regression in 779e615e362108862f1681f965ee9e4f1d0ae6d2.
Backport of ca9872905559026af82000e46cde6f7dedc897b6 from main
 2021-04-14 21:13:27 +02:00
Jonathan Richards
d0267690f8 [3.2.x] Fixed #32548 -- Fixed crash when combining Q() objects with boolean expressions. 
Backport of 00b0786de533dbb3f6208d8d5eaddbf765b4e5b8 from main.

Regression in 466920f6d726eee90d5566e0a9948e92b33a122e.
 2021-04-14 19:46:45 +02:00
Arthur Jovart
65dfb06a1a [3.2.x] Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template. 
Backport of 08c60cce3b13f6e60d7588206da2d3c71228f378 from main
 2021-04-14 19:44:10 +02:00
Mariusz Felisiak
59cce8237c [3.2.x] Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes. 
Thanks Dlis for the report.

Regression in 26a413507abb38f7eee4cf62f2ee9727fdc7bf8d.
Backport of 23fa29f6a6659e0f600d216de6bcb79e7f6818c9 from main
 2021-04-14 12:24:11 +02:00
Hasan Ramezani
700356f93b [3.2.x] Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition. 
Regression in b7b7df5fbcf44e6598396905136cab5a19e9faff.

Thanks Szymon Zmilczak for the report.

Backport of a77c9a4229cfef790ec18001b2cd18bd9c4aedbc from main
 2021-04-14 10:32:07 +02:00
Mariusz Felisiak
d6314c4c2e [3.2.x] Fixed #32637 -- Restored exception message on technical 404 debug page. 
Thanks Atul Varma for the report.
Backport of 3b8527e32b665df91622649550813bb1ec9a9251 from main
 2021-04-13 09:15:25 +02:00
Iuri de Silvio
b245845575 [3.2.x] Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns. 
Backport of 9760e262f85ae57df39abe2799eff48a82b14474 from main
 2021-04-13 06:16:19 +02:00
Adam Johnson
49e618f4af [3.2.x] Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD. 
Backport of 45a58c31e64dbfdecab1178b1d00a3803a90ea2d from main
 2021-04-08 13:44:21 +02:00
Carlton Gibson
55da04488e [3.2.x] Corrected release number format in 3.2.1 release notes. 
Backport of 3f2920ae1d91e67ebf677d407da528c04188384e from main
 2021-04-07 19:45:29 +02:00
Claude Paroz
5eb17d31c3 [3.2.x] Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9. 
Backport of e3cfba0029516aafe40f963378e234df2c0d33bb from main.
 2021-04-07 17:04:10 +02:00
Carlton Gibson
a3a4a0baa3 [3.2.x] Corrected wrapping in 3.2 release notes. 
Partially reverts 0802b404a210862e6765a6c7dee6cba61085d7a6.
Backport of 5b05a45c62f4702a6039cd3de290320c232cb808 from main
 2021-04-07 07:28:09 +02:00
Carlton Gibson
2e8ff5f902 [3.2.x] Added stub release notes for Django 3.2.1. 
Backport of df0a9e6d5ce00fc7890545d854dbea876bd07d9b from main
 2021-04-06 11:50:23 +02:00
Carlton Gibson
8df29fc733 [3.2.x] Added release date for Django 3.2. 
Adjusted wrapping in release notes where needed.

Backport of 0802b404a210862e6765a6c7dee6cba61085d7a6 from main
 2021-04-06 11:21:32 +02:00
Carlton Gibson
011b92ce98 [3.2.x] Updated asgiref dependency for 3.2 release series. 
Backport of 5aea50e57f6c1bd725db36a0664e21b2be91b591 from main
 2021-04-06 10:43:40 +02:00
Mariusz Felisiak
29e2df24e7 [3.2.x] Added CVE-2021-28658 to security archive. 
Backport of 1eac8468cbde790fecb51dd055a439f4947d01e9 from main
 2021-04-06 09:45:23 +02:00
Mariusz Felisiak
2820fd1be5 [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
 2021-04-06 08:24:01 +02:00
William Schwartz
a118564ae1 [3.2.x] Refs #32105 -- Moved ExceptionReporter template paths to properties. 
Refs #32316.

Backport of 7248afe12f40361870388ecdd7e0038eb0d58e47 from main
 2021-03-31 09:11:39 +02:00
Adam Johnson
46bdc3eaf0 [3.2.x] Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error. 
Backport of 45814af6197cfd8f4dc72ee43b90ecde305a1d5a from main
 2021-03-17 21:51:27 +01:00
Jacob Walls
230d5b16b2 [3.2.x] Fixed typos in assertQuerysetEqual() docs and 1.6 release notes. 
Backport of 0c7e880e13b837dd76276c04ebdc338bb76d1379 from master
 2021-02-26 09:11:57 +01:00
Mariusz Felisiak
904a889ccc [3.2.x] Added stub release notes for 3.1.8. 
Backport of e0f82d7992ad7085dcf4ed096a6ad2e3ad89eaae from master
 2021-02-25 20:49:18 +01:00
Markus Holtermann
76873b830c [3.2.x] Updated links to DEPs. 
Backport of 7cc6899d4176539e5d59a2e921b938904d3a8944 from master
 2021-02-25 17:27:32 +01:00
Carlton Gibson
06905243a3 [3.2.x] Added CVE-2021-23336 to security archive. 
Backport of ab58f072502e86dfe21b2bd5cccdc5e94dce8d26 from master
 2021-02-19 11:03:38 +01:00
Nick Pope
be8237c7cc [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl(). 2021-02-19 09:15:09 +01:00
Nick Pope
6897da6096 [3.2.x] Added documentation extlink for bugs.python.org. 
Backport of d02d60eb0f032c9395199fb73c6cd29ee9bb2646 from master
 2021-02-17 14:25:54 +01:00
Hasan Ramezani
dd14e639ad [3.2.x] Fixed #32431 -- Reversed order of security issues history. 
Backport of 17a5e2cff606305fd819a024cf9f450f90202a6f from master
 2021-02-10 16:03:24 +01:00
Dan Swain
afe34e7237 [3.2.x] Fixed typos in 3.2 release notes. 
Backport of e17bdb953a72f1eae76a914a21ce4e83d3e3b608 from master
 2021-02-04 09:56:58 +01:00
Mariusz Felisiak
7d65889345 [3.2.x] Fixed #32403 -- Fixed re-raising DatabaseErrors when using only 'postgres' database. 
Thanks Kazantcev Andrey for the report.

Regression in f48f671223a20b161ca819cf7d6298e43b8ba5fe.
Backport of f131841c601b9d4884adcdb284b4213c2ad89231 from master
 2021-02-02 21:35:35 +01:00
Mariusz Felisiak
b62e767b88 [3.2.x] Added stub release notes for 3.1.7. 
Backport of 8d3c3a57174a072479978d60f5ecdb9fd3c2fd23 from master
 2021-02-01 10:55:07 +01:00
Mariusz Felisiak
10b25e6722 [3.2.x] Added CVE-2021-3281 to security archive. 
Backport of f749148d62ece28d208ab66b109f858215ba090a from master
 2021-02-01 10:45:47 +01:00
Mariusz Felisiak
f944f79e55 [3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
 2021-02-01 09:13:37 +01:00
Denis Skulimovskiy
d83249b0b9 [3.2.x] Fixed #32391 -- Used CSS flex properties for changelist filter. 
Matched layout adjustment using flex from admin sidebar added in
d24ba1be7a53a113d19e2860c03aff9922efec24.

Filters would become squashed when viewport was
constrained or list display table became too wide.

Backport of 269a76714616fd7ad166a14113f3354bab8d9b65 from master
 2021-01-28 15:52:59 +01:00
Carlton Gibson
4dbbe37479 [3.2.x] Fixed #32348, Refs #29087 -- Corrected tutorial for updated deleting inlines UI. 
Updated tutorial to match change in 24e540fbd71bd2b0843e751bde61ad0052a811b3
allowing deletion of original extra inlines.

Backport of f4272d000af598018247fe9687dac0fd02a29a7c from master
 2021-01-27 08:47:27 +01:00
Paul Ganssle
a5d70cca12 [3.2.x] Refs #32365 -- Allowed use of non-pytz timezone implementations. 
Backport of 10d126198434810529e0220b0c6896ed64ca0e88 from master
 2021-01-19 12:00:40 +01:00
Carlton Gibson
75182a800a Removed empty sections and adjusted 3.2 release notes. 2021-01-14 14:58:28 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers. 
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
 2021-01-14 11:20:28 +01:00
Hannes Ljungberg
ffe756d624 Refs #26167 -- Changed default value of DatabaseFeatures.supports_expression_indexes to True. 2021-01-14 08:32:26 +01:00
mimi89999
b5cef91a91 Fixed #31259 -- Added admin dark theme. 2021-01-14 08:27:29 +01:00
Nick Pope
9204485396
Fixed #16117 -- Added decorators for admin action and display functions. 
Refs #25134, #32099.
 2021-01-13 17:19:22 +01:00
Hannes Ljungberg
83fcfc9ec8 Fixed #26167 -- Added support for functional indexes. 
Thanks Simon Charette, Mads Jensen, and Mariusz Felisiak for reviews.

Co-authored-by: Markus Holtermann <info@markusholtermann.eu>
 2021-01-13 11:47:50 +01:00
Paolo Melchiorre
c412d9af7e
Fixed #32291 -- Added fixtures compression support to dumpdata. 2021-01-12 15:47:58 +01:00