mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-12 05:39:11 +00:00
Code Issues 32 Releases Wiki Activity
30,249 Commits 29 Branches 451 Tags
Commit Graph

4149 Commits

Author SHA1 Message Date
Mariusz Felisiak
0dc9c016fa [4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. 
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
 2022-07-04 08:26:57 +02:00
Mariusz Felisiak
4d20d2f7c2 [4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. 
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.

Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
 2022-06-27 08:04:25 +02:00
Mariusz Felisiak
8a294ee2e0 [4.0.x] Added stub release notes and release date for 4.0.6 and 3.2.14. 
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
 2022-06-27 07:22:22 +02:00
Mariusz Felisiak
0f3b25044c [4.0.x] Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0. 
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd.
Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
 2022-06-21 09:11:06 +02:00
Carlton Gibson
fd68bfa652 [4.0.x] Added stub release notes for 4.0.6. 
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
 2022-06-01 14:40:58 +02:00
Carlton Gibson
1f1207ec69 [4.0.x] Updated release date for Django 4.0.5. 
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
 2022-06-01 12:26:49 +02:00
Sankalp
fe2e147846 [4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable. 
Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7.

Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8.

Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
 2022-05-21 14:38:53 +02:00
David Wobrock
4a86883e0a [4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters. 
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.

Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
 2022-05-19 07:53:06 +02:00
Mariusz Felisiak
5c6ebe19cc [4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool. 
Thanks Ben Picolo for the report.
Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
 2022-05-16 06:18:49 +02:00
Carlton Gibson
5db5c33baa [4.0.x] Updated release date for Django 4.0.5. 
Backport of c5fd5e3cc3d767f5983d44b30df72a29c9c5de83 from main
 2022-05-03 09:19:46 +02:00
David
ed6940f0bf [4.0.x] Added backticks to code literals in various docs. 
Backport of 51874dd1605d0106c68e854572950d2b6f768fc1 from main.
 2022-04-28 11:17:57 +02:00
David
57e7a268b6 [4.0.x] Changed "refactorings" to "refactoring" in docs/releases/1.0.txt. 
Backport of 15b888bb833ca2519a90d5eef71e221f192ea7e1 from main
 2022-04-28 11:16:36 +02:00
David
1df71f8f89 [4.0.x] Changed "ie." to "i.e." in docs. 
Backport of 1c2bf80acb8c434a83a3d29d022dea586609f7b7 from main
 2022-04-28 11:16:12 +02:00
Mariusz Felisiak
bcfac538ae [4.0.x] Added stub release notes for 4.0.5. 
Backport of b54fd0e36eaf8d9dd398a84a6748d60f25793788 from main
 2022-04-11 10:53:46 +02:00
Mariusz Felisiak
fa20de5f54 [4.0.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. 
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
 2022-04-11 10:36:26 +02:00
Mariusz Felisiak
00b0fc50e1 [4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
 2022-04-11 09:02:58 +02:00
Mariusz Felisiak
800828887a [4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
 2022-04-11 09:02:14 +02:00
Manel Clos
78e553b48a [4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 
Regression in 68357b2ca9e88c40fc00d848799813241be39129.

Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
 2022-04-11 08:29:10 +02:00
Mariusz Felisiak
7700084142 [4.0.x] Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:50:15 +02:00
Mariusz Felisiak
7d540d67a8 [4.0.x] Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods." 
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379.

Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379.
Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
 2022-03-30 07:32:38 +02:00
Mariusz Felisiak
f62816bfc6 [4.0.x] Updated Oracle docs links to Oracle 21c. 
Backport of 83c803f161044fbfbfcd9a0c94ca93dc131be662 from main
 2022-03-29 09:43:03 +02:00
Mariusz Felisiak
1af06ffaa5 [4.0.x] Added missing backticks to function names. 
Backport of 39ae8d740e30c18e46873cf82aff76588f1974c7 from main
 2022-03-17 11:10:49 +01:00
Carlton Gibson
d8b437b1fb [4.0.x] Added stub release notes for Django 4.0.4. 
Backport of 9652a118ce8c1cbe1f7cf7a4423adb7c5c50757d from main
 2022-03-01 09:59:18 +01:00
Carlton Gibson
c33413589d [4.0.x] Updated release date for version 4.0.3. 
Backport of 47143e27d4402b62068bf9eb84aa6dd93d3d4678 from main
 2022-03-01 09:33:34 +01:00
Mariusz Felisiak
82f25266bf [4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin. 
Regression in de95c826673be9ea519acc86fd898631d1a11356.

Thanks David Glenck for the report.
Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
 2022-03-01 08:10:35 +01:00
Mariusz Felisiak
760b7e7f4f [4.0.x] Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting. 
Thanks Chris Lee for the report.

Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd.

Refs #23916.
Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
 2022-02-16 21:10:30 +01:00
Carlton Gibson
9a7755fa2d [4.0.x] Refs #33476 -- Adjusted docs and config files for Black. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of ba94488196a74e312177ef2621fbd427956836ef from main
 2022-02-08 12:01:30 +01:00
David Smith
7043f9ab3f [4.0.x] Fixed typo in release notes. 
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main
 2022-02-02 07:18:43 +01:00
Mariusz Felisiak
1c74ac8648 [4.0.x] Added stub release notes for 4.0.3. 
Backport of ba4a6880d1783190de4081bd456d934beb45cb19 from main
 2022-02-01 09:12:57 +01:00
Mariusz Felisiak
69dfc6e61a [4.0.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
 2022-02-01 08:53:10 +01:00
Mariusz Felisiak
f9c7d48fdd [4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
 2022-02-01 07:44:49 +01:00
Markus Holtermann
0142204606 [4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-02-01 07:43:45 +01:00
Kirill Safronov
6928227dff [4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model. 
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
 2022-02-01 07:33:22 +01:00
Mariusz Felisiak
aff79be03a [4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default. 
Thanks Adam Johnson for the report.
Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
 2022-01-31 11:34:29 +01:00
Claude Paroz
7a1c6533eb
[4.0.x] Updated translations from Transifex. 
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
 2022-01-29 18:59:17 +01:00
Mariusz Felisiak
7c2d4d943b [4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key. 
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce9f6155bb55610ad6b4580d31263557.
Backport of e972620ada4f9ed7bc57f28e133e85c85b0a7b20 from main
 2022-01-27 18:52:35 +01:00
Carlton Gibson
f82ca84f77 [4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS. 
Regression in 5942ab5eb165ee2e759174e297148a40dd855920.

Backport of 85f2a9fb0f0973930abc84a725bc30703aa3d98b from main
 2022-01-26 10:04:08 +01:00
Mariusz Felisiak
c28a41f4f1 [4.0.x] Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main
 2022-01-25 07:26:37 +01:00
Fabian Büchler
b32080219e [4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field. 
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of eeff1787b0aa23016e4844c0f537d5093a95a356 from main
 2022-01-21 08:46:14 +01:00
Keryn Knight
c8a6bf951b [4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views. 
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1.

Backport of f4b06a3cc1e54888ff86f36a1f9a3ddf21292314 from main
 2022-01-10 18:39:59 +01:00
Keryn Knight
2ea0321058 [4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page. 
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b.

Backport of 2a66c102d9c674fadab252a28d8def32a8b626ec from main
 2022-01-08 14:54:10 +01:00
David
c959aa99aa [4.0.x] Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe. 
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Thanks Matt Westcott for the report.

Backport of 4c60c3edff4312303e1021fca47ed52c2152d285 from main
 2022-01-07 16:12:15 +01:00
Petter Friberg
11475958f6 [4.0.x] Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks(). 
Regression in d89f976bddb49fb168334960acc8979c3de991fa.

Backport of bc174e6ea0ce676c5a7f467bda9739e6ef6b6186 from main
 2022-01-07 16:12:01 +01:00
Carlton Gibson
24fce7d134 [4.0.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 
Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
 2022-01-04 11:30:40 +01:00
Carlton Gibson
6f9a994c47 [4.0.x] Added stub release notes for Django 4.0.2. 
Backport of f38c66b55504dfe0b7ca15b0b4ced9430abc7eaa from main
 2022-01-04 11:11:20 +01:00
Florian Apolloner
e1592e0f26 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:10:14 +01:00
Florian Apolloner
2a8ec7f546 [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Florian Apolloner
df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Carlton Gibson
c9ec72ea1b [4.0.x] Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
 2021-12-28 10:08:54 +01:00
Mariusz Felisiak
b5f60ef5a7 [4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4. 
psycopg2 2.8.4 is the first release to support Python 3.8.
Backport of ca04659b4b3f042c1bc7e557c25ed91e3c56c745 from main
 2021-12-22 20:33:49 +01:00