mirror of https://github.com/django/django.git synced 2025-07-10 12:49:13 +00:00

4158 Commits

Author SHA1 Message Date
Adam Johnson
23f0093125 [4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
2022-09-27 10:26:46 +02:00
Carlton Gibson
4a30e0db26 [4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-09-27 10:12:55 +02:00
Carlton Gibson
898f0aa44f [4.0.x] Added CVE-2022-36359 to security archive.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03 09:10:47 +02:00
Carlton Gibson
b7d9529cbe [4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.
Thanks to Motoyasu Saburi for the report.
2022-08-03 08:48:00 +02:00
Carlton Gibson
2eb7dedd8f [4.0.x] Adjusted version 4.0.7 release notes.
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-08-03 08:37:50 +02:00
Carlton Gibson
b8b449fe20 [4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27 10:04:02 +02:00
Carlton Gibson
2c2b748d95 [4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-27 09:32:40 +02:00
Mariusz Felisiak
6a830bf900 [4.0.x] Added CVE-2022-34265 to security archive.
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04 10:34:15 +02:00
Mariusz Felisiak
90dc60d1a8 [4.0.x] Added stub release notes for 4.0.7.
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:34:05 +02:00
Mariusz Felisiak
0dc9c016fa [4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:26:57 +02:00
Mariusz Felisiak
4d20d2f7c2 [4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.

Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
2022-06-27 08:04:25 +02:00
Mariusz Felisiak
8a294ee2e0 [4.0.x] Added stub release notes and release date for 4.0.6 and 3.2.14.
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-27 07:22:22 +02:00
Mariusz Felisiak
0f3b25044c [4.0.x] Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0.
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd.
Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
2022-06-21 09:11:06 +02:00
Carlton Gibson
fd68bfa652 [4.0.x] Added stub release notes for 4.0.6.
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01 14:40:58 +02:00
Carlton Gibson
1f1207ec69 [4.0.x] Updated release date for Django 4.0.5.
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
2022-06-01 12:26:49 +02:00
Sankalp
fe2e147846 [4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable.
Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7.

Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8.

Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-21 14:38:53 +02:00
David Wobrock
4a86883e0a [4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.

Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-19 07:53:06 +02:00
Mariusz Felisiak
5c6ebe19cc [4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.
Thanks Ben Picolo for the report.
Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-05-16 06:18:49 +02:00
Carlton Gibson
5db5c33baa [4.0.x] Updated release date for Django 4.0.5.
Backport of c5fd5e3cc3d767f5983d44b30df72a29c9c5de83 from main
2022-05-03 09:19:46 +02:00
David
ed6940f0bf [4.0.x] Added backticks to code literals in various docs.
Backport of 51874dd1605d0106c68e854572950d2b6f768fc1 from main.
2022-04-28 11:17:57 +02:00
David
57e7a268b6 [4.0.x] Changed "refactorings" to "refactoring" in docs/releases/1.0.txt.
Backport of 15b888bb833ca2519a90d5eef71e221f192ea7e1 from main
2022-04-28 11:16:36 +02:00
David
1df71f8f89 [4.0.x] Changed "ie." to "i.e." in docs.
Backport of 1c2bf80acb8c434a83a3d29d022dea586609f7b7 from main
2022-04-28 11:16:12 +02:00
Mariusz Felisiak
bcfac538ae [4.0.x] Added stub release notes for 4.0.5.
Backport of b54fd0e36eaf8d9dd398a84a6748d60f25793788 from main
2022-04-11 10:53:46 +02:00
Mariusz Felisiak
fa20de5f54 [4.0.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
2022-04-11 10:36:26 +02:00
Mariusz Felisiak
00b0fc50e1 [4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11 09:02:58 +02:00
Mariusz Felisiak
800828887a [4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11 09:02:14 +02:00
Manel Clos
78e553b48a [4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9e88c40fc00d848799813241be39129.

Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-04-11 08:29:10 +02:00
Mariusz Felisiak
7700084142 [4.0.x] Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
2022-04-04 10:50:15 +02:00
Mariusz Felisiak
7d540d67a8 [4.0.x] Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379.

Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379.
Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
2022-03-30 07:32:38 +02:00
Mariusz Felisiak
f62816bfc6 [4.0.x] Updated Oracle docs links to Oracle 21c.
Backport of 83c803f161044fbfbfcd9a0c94ca93dc131be662 from main
2022-03-29 09:43:03 +02:00
Mariusz Felisiak
1af06ffaa5 [4.0.x] Added missing backticks to function names.
Backport of 39ae8d740e30c18e46873cf82aff76588f1974c7 from main
2022-03-17 11:10:49 +01:00
Carlton Gibson
d8b437b1fb [4.0.x] Added stub release notes for Django 4.0.4.
Backport of 9652a118ce8c1cbe1f7cf7a4423adb7c5c50757d from main
2022-03-01 09:59:18 +01:00
Carlton Gibson
c33413589d [4.0.x] Updated release date for version 4.0.3.
Backport of 47143e27d4402b62068bf9eb84aa6dd93d3d4678 from main
2022-03-01 09:33:34 +01:00
Mariusz Felisiak
82f25266bf [4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
Regression in de95c826673be9ea519acc86fd898631d1a11356.

Thanks David Glenck for the report.
Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
2022-03-01 08:10:35 +01:00
Mariusz Felisiak
760b7e7f4f [4.0.x] Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
Thanks Chris Lee for the report.

Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd.

Refs #23916.
Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
2022-02-16 21:10:30 +01:00
Carlton Gibson
9a7755fa2d [4.0.x] Refs #33476 -- Adjusted docs and config files for Black.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of ba94488196a74e312177ef2621fbd427956836ef from main
2022-02-08 12:01:30 +01:00
David Smith
7043f9ab3f [4.0.x] Fixed typo in release notes.
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main
2022-02-02 07:18:43 +01:00
Mariusz Felisiak
1c74ac8648 [4.0.x] Added stub release notes for 4.0.3.
Backport of ba4a6880d1783190de4081bd456d934beb45cb19 from main
2022-02-01 09:12:57 +01:00
Mariusz Felisiak
69dfc6e61a [4.0.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
2022-02-01 08:53:10 +01:00
Mariusz Felisiak
f9c7d48fdd [4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01 07:44:49 +01:00
Markus Holtermann
0142204606 [4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:43:45 +01:00
Kirill Safronov
6928227dff [4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
2022-02-01 07:33:22 +01:00
Mariusz Felisiak
aff79be03a [4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
2022-01-31 11:34:29 +01:00
Claude Paroz
7a1c6533eb [4.0.x] Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
2022-01-29 18:59:17 +01:00
Mariusz Felisiak
7c2d4d943b [4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce9f6155bb55610ad6b4580d31263557.
Backport of e972620ada4f9ed7bc57f28e133e85c85b0a7b20 from main
2022-01-27 18:52:35 +01:00
Carlton Gibson
f82ca84f77 [4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb165ee2e759174e297148a40dd855920.

Backport of 85f2a9fb0f0973930abc84a725bc30703aa3d98b from main
2022-01-26 10:04:08 +01:00
Mariusz Felisiak
c28a41f4f1 [4.0.x] Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27.
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main
2022-01-25 07:26:37 +01:00
Fabian Büchler
b32080219e [4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.

Backport of eeff1787b0aa23016e4844c0f537d5093a95a356 from main
2022-01-21 08:46:14 +01:00
Keryn Knight
c8a6bf951b [4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr__() for class-based views.
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1.

Backport of f4b06a3cc1e54888ff86f36a1f9a3ddf21292314 from main
2022-01-10 18:39:59 +01:00
Keryn Knight
2ea0321058 [4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b.

Backport of 2a66c102d9c674fadab252a28d8def32a8b626ec from main
2022-01-08 14:54:10 +01:00