mirror of
https://github.com/django/django.git
synced 2025-06-18 09:59:13 +00:00
cf5f36bf90
The "q" key was removed while addressing ticket #36411. Despite `MediaType.params` is undocumented and considered internal, it was used in third-party projects (Zulip reported breakage), so this work restored the `q` key in `params`. Thanks Anders Kaseorg for the report. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead.
23 lines
806 B
Plaintext
23 lines
806 B
Plaintext
==========================
|
|
Django 5.2.3 release notes
|
|
==========================
|
|
|
|
*June 10, 2025*
|
|
|
|
Django 5.2.3 fixes several bugs in 5.2.2. Also, the latest string translations
|
|
from Transifex are incorporated.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a log injection possibility by migrating remaining response logging
|
|
to ``django.utils.log.log_response()``, which safely escapes arguments such
|
|
as the request path to prevent unsafe log output (:cve:`2025-48432`).
|
|
|
|
* Fixed a regression in Django 5.2 that caused :meth:`.QuerySet.bulk_update` to
|
|
incorrectly convert ``None`` to JSON ``null`` instead of SQL ``NULL`` for
|
|
``JSONField`` (:ticket:`36419`).
|
|
|
|
* Fixed a regression in Django 5.2.2 where the ``q`` parameter was removed from
|
|
the internal ``django.http.MediaType.params`` property (:ticket:`36446`).
|