mirror of https://github.com/django/django.git synced 2025-07-09 20:29:12 +00:00

8 Commits

Author SHA1 Message Date
Simon Charette
a34a5f724c [3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().
Regression introduced in 513948735b799239f3ef8c89397592445e1a0cd5
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.

In retrospect the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec3197009b88e3a633128bbcbd76eea0b46ff
per the 4.0 deprecation life cycle.

Thanks Joel Saunders for the report.
2021-07-01 08:29:23 +02:00
Mariusz Felisiak
da2269dc6f [3.2.x] Added stub release notes for 3.1.13 and release date for 3.2.5.
Backport of 8e97698d7b537cd298438a8d7b55916d275ff851 from main
2021-07-01 06:57:41 +02:00
Claude Paroz
04b744050f [3.2.x] Updated translations from Transifex.
2021-06-28 07:06:24 +02:00
Hasan Ramezani
8b2b627f34 [3.2.x] Fixed #32863 -- Skipped system check for specifying type of auto-created primary keys on models with invalid app_label.
Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb.

Thanks Iuri de Silvio for the report.

Backport of 7a9745fed498f69c46a3ffa5dfaff872e0e1df89 from main
2021-06-22 21:19:47 +02:00
Mariusz Felisiak
826a1659ee [3.2.x] Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+.
Regression in d4ac23bee1c84d8e4610350202ac068fc90f38c0.

Thanks Omkar Deshpande for the report.

Backport of fa0433d05f213afe4c67055006320f7aba4c8108 from main
2021-06-10 20:05:55 +02:00
Mariusz Felisiak
bb29174f94 [3.2.x] Refs #32503 -- Added release notes for 5e04e84d67da8163f365e9f5fcd169e2630e2873.
Backport of 57bc16b38ec75fc96829f912d57a58d8c6358e8f from main
2021-06-10 20:05:48 +02:00
Takayuki Hirayama
8ec5b7403d [3.2.x] Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
Regression in 981a072dd4dec586f8fc606712ed9a2ef116eeee.

Thanks pirelle for the report.

Backport of 0393b9262dcf1b8302d35a8a470e14837ca1300b from main
2021-06-04 08:27:25 +02:00
Carlton Gibson
66cc97c6b3 [3.2.x] Added stub release notes for Django 3.2.5.
Backport of ba10772bf659a9507075d713c416882ce2c8df28 from main
2021-06-02 11:26:00 +02:00