mirror of https://github.com/django/django.git synced 2025-07-12 05:39:11 +00:00

4134 Commits

Author SHA1 Message Date
Mariusz Felisiak
00b0fc50e1 [4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11 09:02:58 +02:00
Mariusz Felisiak
800828887a [4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11 09:02:14 +02:00
Manel Clos
78e553b48a [4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9e88c40fc00d848799813241be39129.

Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-04-11 08:29:10 +02:00
Mariusz Felisiak
7700084142 [4.0.x] Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
2022-04-04 10:50:15 +02:00
Mariusz Felisiak
7d540d67a8 [4.0.x] Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379.

Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379.
Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
2022-03-30 07:32:38 +02:00
Mariusz Felisiak
f62816bfc6 [4.0.x] Updated Oracle docs links to Oracle 21c.
Backport of 83c803f161044fbfbfcd9a0c94ca93dc131be662 from main
2022-03-29 09:43:03 +02:00
Mariusz Felisiak
1af06ffaa5 [4.0.x] Added missing backticks to function names.
Backport of 39ae8d740e30c18e46873cf82aff76588f1974c7 from main
2022-03-17 11:10:49 +01:00
Carlton Gibson
d8b437b1fb [4.0.x] Added stub release notes for Django 4.0.4.
Backport of 9652a118ce8c1cbe1f7cf7a4423adb7c5c50757d from main
2022-03-01 09:59:18 +01:00
Carlton Gibson
c33413589d [4.0.x] Updated release date for version 4.0.3.
Backport of 47143e27d4402b62068bf9eb84aa6dd93d3d4678 from main
2022-03-01 09:33:34 +01:00
Mariusz Felisiak
82f25266bf [4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
Regression in de95c826673be9ea519acc86fd898631d1a11356.

Thanks David Glenck for the report.
Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
2022-03-01 08:10:35 +01:00
Mariusz Felisiak
760b7e7f4f [4.0.x] Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
Thanks Chris Lee for the report.

Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd.

Refs #23916.
Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
2022-02-16 21:10:30 +01:00
Carlton Gibson
9a7755fa2d [4.0.x] Refs #33476 -- Adjusted docs and config files for Black.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of ba94488196a74e312177ef2621fbd427956836ef from main
2022-02-08 12:01:30 +01:00
David Smith
7043f9ab3f [4.0.x] Fixed typo in release notes.
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main
2022-02-02 07:18:43 +01:00
Mariusz Felisiak
1c74ac8648 [4.0.x] Added stub release notes for 4.0.3.
Backport of ba4a6880d1783190de4081bd456d934beb45cb19 from main
2022-02-01 09:12:57 +01:00
Mariusz Felisiak
69dfc6e61a [4.0.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
2022-02-01 08:53:10 +01:00
Mariusz Felisiak
f9c7d48fdd [4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01 07:44:49 +01:00
Markus Holtermann
0142204606 [4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:43:45 +01:00
Kirill Safronov
6928227dff [4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
2022-02-01 07:33:22 +01:00
Mariusz Felisiak
aff79be03a [4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
2022-01-31 11:34:29 +01:00
Claude Paroz
7a1c6533eb [4.0.x] Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
2022-01-29 18:59:17 +01:00
Mariusz Felisiak
7c2d4d943b [4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce9f6155bb55610ad6b4580d31263557.
Backport of e972620ada4f9ed7bc57f28e133e85c85b0a7b20 from main
2022-01-27 18:52:35 +01:00
Carlton Gibson
f82ca84f77 [4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb165ee2e759174e297148a40dd855920.

Backport of 85f2a9fb0f0973930abc84a725bc30703aa3d98b from main
2022-01-26 10:04:08 +01:00
Mariusz Felisiak
c28a41f4f1 [4.0.x] Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27.
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main
2022-01-25 07:26:37 +01:00
Fabian Büchler
b32080219e [4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of eeff1787b0aa23016e4844c0f537d5093a95a356 from main
2022-01-21 08:46:14 +01:00
Keryn Knight
c8a6bf951b [4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr__() for class-based views.
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1.

Backport of f4b06a3cc1e54888ff86f36a1f9a3ddf21292314 from main
2022-01-10 18:39:59 +01:00
Keryn Knight
2ea0321058 [4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b.

Backport of 2a66c102d9c674fadab252a28d8def32a8b626ec from main
2022-01-08 14:54:10 +01:00
David
c959aa99aa [4.0.x] Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Thanks Matt Westcott for the report.

Backport of 4c60c3edff4312303e1021fca47ed52c2152d285 from main
2022-01-07 16:12:15 +01:00
Petter Friberg
11475958f6 [4.0.x] Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks().
Regression in d89f976bddb49fb168334960acc8979c3de991fa.

Backport of bc174e6ea0ce676c5a7f467bda9739e6ef6b6186 from main
2022-01-07 16:12:01 +01:00
Carlton Gibson
24fce7d134 [4.0.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
2022-01-04 11:30:40 +01:00
Carlton Gibson
6f9a994c47 [4.0.x] Added stub release notes for Django 4.0.2.
Backport of f38c66b55504dfe0b7ca15b0b4ced9430abc7eaa from main
2022-01-04 11:11:20 +01:00
Florian Apolloner
e1592e0f26 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:10:14 +01:00
Florian Apolloner
2a8ec7f546 [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Florian Apolloner
df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Carlton Gibson
c9ec72ea1b [4.0.x] Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases.
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
2021-12-28 10:08:54 +01:00
Mariusz Felisiak
b5f60ef5a7 [4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4.
psycopg2 2.8.4 is the first release to support Python 3.8.
Backport of ca04659b4b3f042c1bc7e557c25ed91e3c56c745 from main
2021-12-22 20:33:49 +01:00
Brenton Partridge
b85ceaaba6 [4.0.x] Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64.
Backport of 19fb838803f63eef0726a370050443b693f109be from main
2021-12-21 13:36:08 +01:00
Simon Charette
7e6a2e3b45 [4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector.
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.

This likely slipped under the radar for so long and only regressed in
b9df2b74b98b4d63933e8061d3cfc1f6f39eb747 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact settings value was never going through a
case folding hoop.

Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.

Backport of 43289707809c814a70f0db38ca4f82f35f43dbfd from main
2021-12-17 10:00:33 +01:00
Mariusz Felisiak
c1d2e8b9b8 [4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest.
Regression in 3fd82a62415e748002435e7bad06b5017507777c.

Thanks Terence Honles for the report.
Backport of 40165eecc40f9e223702a41a0cb0958515bb1f82 from main
2021-12-16 20:14:17 +01:00
Jeremy Lainé
3b03bce122 [4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans.
Backport of 2f33217ea2cad688040dd6044cdda946c62e5b65 from main
2021-12-14 08:46:16 +01:00
Baptiste Mispelon
15031852c5 [4.0.x] Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form".
Thanks OutOfFocus4 for the report.

Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Backport of cb383753c0e0eb52306e1024d32a782549c27e61 from main.
2021-12-08 21:13:00 +01:00
Nick Pope
b7f2afa8de [4.0.x] Improved release notes wording for template-based form rendering.
Backport of dfdf1c68645627f54259dbe25f5b42329ee83b5d from main
2021-12-07 13:35:03 +01:00
Mariusz Felisiak
81a90b5bc3 [4.0.x] Added stub release notes for 4.0.1.
Backport of adef3d975e55c55b020c2f357d82c2db11e58450 from main
2021-12-07 10:42:26 +01:00
Mariusz Felisiak
0f4fa0caee [4.0.x] Finalized release notes for Django 4.0.
Backport of d7bd9eb6cda0aff4634cbb453622b24a98933463 from main
2021-12-07 10:03:39 +01:00
Mariusz Felisiak
01c0fb9d19 [4.0.x] Updated asgiref dependency for 4.0 release series.
Backport of 513441240f874dd0b6187c0c6aaa3e8eccd8ddbe from main
2021-12-07 09:55:18 +01:00
Mariusz Felisiak
7f20e89453 [4.0.x] Added CVE-2021-44420 to security archive.
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
2021-12-07 08:53:48 +01:00
Florian Apolloner
20b9ad36ff [4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
2021-12-07 06:29:34 +01:00
Mariusz Felisiak
2c20883cb0 [4.0.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
This makes models.BinaryField pickleable on PostgreSQL.

Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d.

Thanks Adam Zimmerman for the report.

Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.
2021-12-03 11:58:55 +01:00
Mariusz Felisiak
2fa95bfbd4 [4.0.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main
2021-11-30 11:26:10 +01:00
Ryuji Tsutsui
5a61bdbb85 [4.0.x] Fixed typo in docs/releases/4.0.txt.
Backport of b8c0b22f2f0f8ce664642332d6d872f300c662b4 from main
2021-11-24 17:38:53 +01:00
jhisham
35c63c0513 [4.0.x] Added Malay language.
Backport of 5e218cc0b704ebf64c460050a97b5fafe63e92b0 from main
2021-11-18 22:05:27 +01:00