Markus Holtermann
83f1ea83e4
[4.0.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
...
Thanks to Jakob Ackermann for the report.
2023-02-07 10:36:32 +01:00
Carlton Gibson
e5aecded4d
[4.0.x] Added stub release notes for 4.0.10 and 3.2.18.
...
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:13:28 +01:00
Mariusz Felisiak
7522f5d05a
[4.0.x] Added CVE-2023-23969 to security archive.
...
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01 12:10:34 +01:00
Nick Pope
4452642f19
[4.0.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
...
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:47:17 +01:00
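The commit body above describes the problem (parsed Accept-Language values are memoised keyed on the raw header, so a client sending distinct, very large headers pins that much memory per cache slot) and the fix (cap the length considered). The following is an added example written for this page, not Django's code, showing a small Accept-Language parser behind an LRU cache with and without such a cap; the limit values, the truncate-at-last-comma rule and the simulated traffic are this example's own assumptions.

```python
import re
from collections import OrderedDict

# Both limits are assumptions chosen for this example, not values taken from the page.
ACCEPT_LANGUAGE_HEADER_MAX_LENGTH = 500   # raw header bytes retained per cache slot
CACHE_MAX_ENTRIES = 1000                  # distinct header values memoised

# Language tag (en, en-gb, zh-hant-tw, ...) or the wildcard; lower-cased before matching.
_TAG_RE = re.compile(r"(?:[a-z]{1,8}(?:-[a-z0-9]{1,8})*|\*)")


def _parse(lang_string):
    """Parse 'en-GB,en;q=0.8,fr;q=0.5' into ((tag, q), ...) sorted by q descending.
    A malformed header yields (), so callers fall back to the default language."""
    result = []
    for item in lang_string.split(","):
        item = item.strip()
        if not item:
            continue
        tag, _, params = item.partition(";")
        tag = tag.strip().lower()
        if not _TAG_RE.fullmatch(tag):
            return ()
        q = 1.0
        for param in params.split(";"):
            name, _, value = param.strip().partition("=")
            if name.strip() == "q":
                try:
                    q = float(value)
                except ValueError:
                    return ()
                if not 0.0 <= q <= 1.0:
                    return ()
        result.append((tag, q))
    result.sort(key=lambda entry: entry[1], reverse=True)
    return tuple(result)


class ParserCache:
    """LRU memo for parsed headers. With max_key_length=None the raw value is the
    cache key, so each slot holds whatever the client sent; with a limit the value
    is cut back to whole items before it is parsed or stored."""

    def __init__(self, max_entries, max_key_length=None):
        self._entries = OrderedDict()
        self.max_entries = max_entries
        self.max_key_length = max_key_length

    def _bounded(self, lang_string):
        if self.max_key_length is None or len(lang_string) <= self.max_key_length:
            return lang_string
        # Keep the complete items that fit; ignore the header if not even one does.
        cut = lang_string.rfind(",", 0, self.max_key_length)
        return lang_string[:cut] if cut > 0 else ""

    def parse(self, lang_string):
        key = self._bounded(lang_string)
        if key in self._entries:
            self._entries.move_to_end(key)
            return self._entries[key]
        parsed = _parse(key)
        self._entries[key] = parsed
        if len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)
        return parsed

    def retained_header_bytes(self):
        """Raw header bytes currently pinned by cache keys (a lower bound on cache memory)."""
        return sum(len(key) for key in self._entries)


def simulate_attack(cache, requests=100, header_size=50_000):
    """Constructed traffic: each request carries a distinct, syntactically valid
    Accept-Language header of about header_size bytes, the cheapest way for one
    client to fill every cache slot with a large string. Returns the bytes retained."""
    for i in range(requests):
        item = f"x-{i:06d}-aaaaaaaa"          # valid tag, unique per request
        header = ",".join([item] * (header_size // (len(item) + 1)))
        cache.parse(header)
    return cache.retained_header_bytes()


if __name__ == "__main__":
    unguarded = ParserCache(CACHE_MAX_ENTRIES)
    guarded = ParserCache(CACHE_MAX_ENTRIES, ACCEPT_LANGUAGE_HEADER_MAX_LENGTH)
    print("unguarded cache retains", simulate_attack(unguarded), "bytes")
    print("guarded cache retains", simulate_attack(guarded), "bytes")
    print(guarded.parse("en-GB,en;q=0.8,fr;q=0.5"))
```

The entry cap alone does not help: a thousand slots of 50 KB each is still 50 MB from one client, and the cached parse results add to that. Bounding the key before it is parsed or stored is what makes the per-slot cost a constant the server chose rather than one the client chose.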
Carlton Gibson
2d13db1b4a
[4.0.x] Adjusted release notes for 4.0.9, and 3.2.17.
...
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:28:59 +01:00
Carlton Gibson
d8767c8d25
[4.0.x] Added stub release notes for 4.0.9 and 3.2.17.
...
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 12:00:54 +01:00
Carlton Gibson
07ccf43544
[4.0.x] Added CVE-2022-36359 to security archive.
...
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-10-04 10:12:59 +02:00
Adam Johnson
23f0093125
[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
...
Thanks to Benjamin Balder Bach for the report.
2022-09-27 10:26:46 +02:00
Carlton Gibson
4a30e0db26
[4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.
...
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-09-27 10:12:55 +02:00
Carlton Gibson
898f0aa44f
[4.0.x] Added CVE-2022-36359 to security archive.
...
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03 09:10:47 +02:00
Carlton Gibson
b7d9529cbe
[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.
...
Thanks to Motoyasu Saburi for the report.
2022-08-03 08:48:00 +02:00
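The commit subject above says only that the filename is now escaped in the Content-Disposition header; the page does not describe the underlying defect. The following is an added example, not Django's code, illustrating the general concern: a user-controlled filename dropped into a quoted-string unescaped can close the string and append parameters of its own. The naive and escaped builders, the toy client-side parser and the constructed payload are all this example's assumptions.

```python
from urllib.parse import quote


def build_unsafe(filename, disposition="attachment"):
    """Naive construction: the name is dropped straight into a quoted-string."""
    return f'{disposition}; filename="{filename}"'


def build_escaped(filename, disposition="attachment"):
    """Header value in which the filename cannot end the quoted-string or add
    parameters. ASCII names are quoted with backslash escapes for '"' and '\\';
    other names are sent only as an RFC 5987 filename* parameter (this example's
    choice; a production builder might add an ASCII filename= fallback)."""
    if "\r" in filename or "\n" in filename:
        raise ValueError("CR/LF in a header value would split the header")
    try:
        filename.encode("ascii")
    except UnicodeEncodeError:
        return f"{disposition}; filename*=utf-8''{quote(filename)}"
    escaped = filename.replace("\\", "\\\\").replace('"', '\\"')
    return f'{disposition}; filename="{escaped}"'


def parse_disposition(header):
    """Minimal client-side parser: splits on ';' outside quotes, honours backslash
    escapes inside quoted-strings, and lets a later parameter override an earlier
    one with the same name. Returns (disposition, {name: value})."""
    n = len(header)
    sep = header.find(";")
    disposition = header[: sep if sep >= 0 else n].strip().lower()
    params = {}
    i = sep + 1 if sep >= 0 else n
    while i < n:
        eq = header.find("=", i)
        if eq < 0:
            break
        name = header[i:eq].strip().lower()
        i = eq + 1
        if i < n and header[i] == '"':
            chars = []
            i += 1
            while i < n and header[i] != '"':
                if header[i] == "\\" and i + 1 < n:
                    i += 1                      # take the escaped character literally
                chars.append(header[i])
                i += 1
            i += 1                              # skip the closing quote
            value = "".join(chars)
        else:
            end = header.find(";", i)
            end = n if end < 0 else end
            value = header[i:end].strip()
            i = end
        params[name] = value
        nxt = header.find(";", i)
        i = nxt + 1 if nxt >= 0 else n
    return disposition, params


# Constructed payload: a "filename" that tries to smuggle a second filename parameter.
PAYLOAD = 'report.pdf"; filename="evil.exe'

if __name__ == "__main__":
    for builder in (build_unsafe, build_escaped):
        header = builder(PAYLOAD)
        print(builder.__name__, "->", header)
        print("   client sees:", parse_disposition(header)[1])
    print(build_escaped("résumé.pdf"))
```

With the naive builder the client-side parse ends with filename=evil.exe, the attacker's value; with the escaped builder the whole payload survives as one literal filename. Real clients differ in whether the first or the last duplicate parameter wins, which is exactly why the server must not let the filename introduce a duplicate at all.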
Carlton Gibson
2eb7dedd8f
[4.0.x] Adjusted version 4.0.7 release notes.
...
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-08-03 08:37:50 +02:00
Carlton Gibson
b8b449fe20
[4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.
...
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27 10:04:02 +02:00
Carlton Gibson
2c2b748d95
[4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.
...
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-27 09:32:40 +02:00
Mariusz Felisiak
6a830bf900
[4.0.x] Added CVE-2022-34265 to security archive.
...
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04 10:34:15 +02:00
Mariusz Felisiak
90dc60d1a8
[4.0.x] Added stub release notes for 4.0.7.
...
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:34:05 +02:00
Mariusz Felisiak
0dc9c016fa
[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
...
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:26:57 +02:00
Mariusz Felisiak
4d20d2f7c2
[4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
...
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
2022-06-27 08:04:25 +02:00
Mariusz Felisiak
8a294ee2e0
[4.0.x] Added stub release notes and release date for 4.0.6 and 3.2.14.
...
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-27 07:22:22 +02:00
Mariusz Felisiak
0f3b25044c
[4.0.x] Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0.
...
Thanks Paul in 't Hout for the report.
Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd.
Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
2022-06-21 09:11:06 +02:00
Carlton Gibson
fd68bfa652
[4.0.x] Added stub release notes for 4.0.6.
...
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01 14:40:58 +02:00
Carlton Gibson
1f1207ec69
[4.0.x] Updated release date for Django 4.0.5.
...
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
2022-06-01 12:26:49 +02:00
Sankalp
fe2e147846
[4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable.
...
Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7.
Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8.
Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-21 14:38:53 +02:00
David Wobrock
4a86883e0a
[4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.
...
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.
Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-19 07:53:06 +02:00
Mariusz Felisiak
5c6ebe19cc
[4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.
...
Thanks Ben Picolo for the report.
Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-05-16 06:18:49 +02:00
Carlton Gibson
5db5c33baa
[4.0.x] Updated release date for Django 4.0.5.
...
Backport of c5fd5e3cc3d767f5983d44b30df72a29c9c5de83 from main
2022-05-03 09:19:46 +02:00
David
ed6940f0bf
[4.0.x] Added backticks to code literals in various docs.
...
Backport of 51874dd1605d0106c68e854572950d2b6f768fc1 from main.
2022-04-28 11:17:57 +02:00
David
57e7a268b6
[4.0.x] Changed "refactorings" to "refactoring" in docs/releases/1.0.txt.
...
Backport of 15b888bb833ca2519a90d5eef71e221f192ea7e1 from main
2022-04-28 11:16:36 +02:00
David
1df71f8f89
[4.0.x] Changed "ie." to "i.e." in docs.
...
Backport of 1c2bf80acb8c434a83a3d29d022dea586609f7b7 from main
2022-04-28 11:16:12 +02:00
Mariusz Felisiak
bcfac538ae
[4.0.x] Added stub release notes for 4.0.5.
...
Backport of b54fd0e36eaf8d9dd398a84a6748d60f25793788 from main
2022-04-11 10:53:46 +02:00
Mariusz Felisiak
fa20de5f54
[4.0.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.
...
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
2022-04-11 10:36:26 +02:00
Mariusz Felisiak
00b0fc50e1
[4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
...
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11 09:02:58 +02:00
Mariusz Felisiak
800828887a
[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11 09:02:14 +02:00
Manel Clos
78e553b48a
[4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
...
Regression in 68357b2ca9e88c40fc00d848799813241be39129.
Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-04-11 08:29:10 +02:00
Mariusz Felisiak
7700084142
[4.0.x] Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
...
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
2022-04-04 10:50:15 +02:00
Mariusz Felisiak
7d540d67a8
[4.0.x] Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
...
Thanks lind-marcus for the report.
This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379.
Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379.
Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
2022-03-30 07:32:38 +02:00
Mariusz Felisiak
f62816bfc6
[4.0.x] Updated Oracle docs links to Oracle 21c.
...
Backport of 83c803f161044fbfbfcd9a0c94ca93dc131be662 from main
2022-03-29 09:43:03 +02:00
Mariusz Felisiak
1af06ffaa5
[4.0.x] Added missing backticks to function names.
...
Backport of 39ae8d740e30c18e46873cf82aff76588f1974c7 from main
2022-03-17 11:10:49 +01:00
Carlton Gibson
d8b437b1fb
[4.0.x] Added stub release notes for Django 4.0.4.
...
Backport of 9652a118ce8c1cbe1f7cf7a4423adb7c5c50757d from main
2022-03-01 09:59:18 +01:00
Carlton Gibson
c33413589d
[4.0.x] Updated release date for version 4.0.3.
...
Backport of 47143e27d4402b62068bf9eb84aa6dd93d3d4678 from main
2022-03-01 09:33:34 +01:00
Mariusz Felisiak
82f25266bf
[4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
...
Regression in de95c826673be9ea519acc86fd898631d1a11356.
Thanks David Glenck for the report.
Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
2022-03-01 08:10:35 +01:00
Mariusz Felisiak
760b7e7f4f
[4.0.x] Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
...
Thanks Chris Lee for the report.
Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd.
Refs #23916.
Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
2022-02-16 21:10:30 +01:00
Carlton Gibson
9a7755fa2d
[4.0.x] Refs #33476 -- Adjusted docs and config files for Black.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of ba94488196a74e312177ef2621fbd427956836ef from main
2022-02-08 12:01:30 +01:00
David Smith
7043f9ab3f
[4.0.x] Fixed typo in release notes.
...
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main
2022-02-02 07:18:43 +01:00
Mariusz Felisiak
1c74ac8648
[4.0.x] Added stub release notes for 4.0.3.
...
Backport of ba4a6880d1783190de4081bd456d934beb45cb19 from main
2022-02-01 09:12:57 +01:00
Mariusz Felisiak
69dfc6e61a
[4.0.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
...
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
2022-02-01 08:53:10 +01:00
Mariusz Felisiak
f9c7d48fdd
[4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01 07:44:49 +01:00
Markus Holtermann
0142204606
[4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
...
Thanks Keryn Knight for the report.
Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:43:45 +01:00
Kirill Safronov
6928227dff
[4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
...
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.
Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
2022-02-01 07:33:22 +01:00
Mariusz Felisiak
aff79be03a
[4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
...
Thanks Adam Johnson for the report.
Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
2022-01-31 11:34:29 +01:00