mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-09 20:29:12 +00:00
Code Issues 32 Releases Wiki Activity
29,559 Commits 29 Branches 451 Tags
Commit Graph

242 Commits

Author SHA1 Message Date
Mariusz Felisiak
fc41af69a2 [3.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
 2024-02-08 11:03:21 +01:00
Natalia
9dc345643e [3.2.x] Added stub release notes 3.2.24. 
Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
 2024-01-29 11:55:24 -03:00
Mariusz Felisiak
e6d2591d9e [3.2.x] Added stub release notes for 3.2.23. 
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main.
 2023-10-25 05:47:09 +02:00
Natalia
6caf7b313d [3.2.x] Added stub release notes for 3.2.22. 
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
 2023-09-27 14:34:57 -03:00
Mariusz Felisiak
73350a6369 [3.2.x] Added stub release notes for 3.2.21. 
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
 2023-08-28 06:19:18 +02:00
Mariusz Felisiak
07cc014cb3 [3.2.x] Added stub release notes for 3.2.20. 
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
 2023-06-26 14:39:49 +02:00
Mariusz Felisiak
a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19. 
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
 2023-04-26 08:54:18 +02:00
Carlton Gibson
932b5bd52d [3.2.x] Added stub release notes for 3.2.18. 
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
 2023-02-07 10:14:53 +01:00
Carlton Gibson
4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17. 
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
 2023-01-25 12:02:29 +01:00
Carlton Gibson
33affaf0b6 [3.2.x] Added stub notes 3.2.16 release. 
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
 2022-09-27 10:14:45 +02:00
Carlton Gibson
ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release. 
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
 2022-07-27 09:34:30 +02:00
Mariusz Felisiak
37f4de2deb [3.2.x] Added stub release notes for 3.2.14. 
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
 2022-06-27 07:23:46 +02:00
Mariusz Felisiak
70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:51:06 +02:00
Mariusz Felisiak
a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
 2022-01-25 07:27:35 +01:00
Carlton Gibson
b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. 
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
 2021-12-28 10:09:49 +01:00
Mariusz Felisiak
487a2da02e [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main
 2021-11-30 11:26:39 +01:00
Mariusz Felisiak
34e5e61479 [3.2.x] Added stub release notes for Django 3.2.10. 
Backport of d811fa1d1012e746719aa3af351f56ad21f92610 from main
 2021-11-01 10:42:47 +01:00
Carlton Gibson
329311ecbd [3.2.x] Added stub release notes for Django 3.2.9. 
Backport of c113f7fb0dae0dfd066d05acd1032c9f57a5aaf9 from main
 2021-10-05 09:40:24 +02:00
Mariusz Felisiak
707239eabf [3.2.x] Added stub release notes for Django 3.2.8. 
Backport of af10e97531a59e4af09b5ec0c1a3ea476f2b6015 from main
 2021-09-01 09:51:50 +02:00
Carlton Gibson
87e7399760 [3.2.x] Added stub release notes for Django 3.2.7. 
Backport of 947bdec60cd7f63dc1573578137747893d673700 from main
 2021-08-02 08:43:09 +02:00
Mariusz Felisiak
92efd69107 [3.2.x] Added stub release notes for Django 3.2.6. 
Backport of bcea1a3193d44d8c587173c00abb2eaf61fb9cf7 from main
 2021-07-01 09:44:18 +02:00
Mariusz Felisiak
da2269dc6f [3.2.x] Added stub release notes for 3.1.13 and release date for 3.2.5. 
Backport of 8e97698d7b537cd298438a8d7b55916d275ff851 from main
 2021-07-01 06:57:41 +02:00
Carlton Gibson
66cc97c6b3 [3.2.x] Added stub release notes for Django 3.2.5. 
Backport of ba10772bf659a9507075d713c416882ce2c8df28 from main
 2021-06-02 11:26:00 +02:00
Carlton Gibson
4ba4c07e4e [3.2.x] Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 
Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main
 2021-05-26 10:17:27 +02:00
Mariusz Felisiak
1037825eed [3.2.x] Added stub release notes for Django 3.2.4. 
Backport of 820408d842a07202a80e6ef7f7a57ec6258d88e6 from main
 2021-05-13 09:45:39 +02:00
Mariusz Felisiak
224b8e5a5a [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main
 2021-05-13 08:55:00 +02:00
Mariusz Felisiak
8afb677ce7 [3.2.x] Added stub release notes for Django 3.2.3. 
Backport of 29779075d7f5e1a8cfe0933661d5255e2d7d3cbd from main
 2021-05-06 10:11:32 +02:00
Mariusz Felisiak
2d2c1d0c97 [3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603

Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
 2021-05-06 08:48:22 +02:00
Carlton Gibson
04d8ed3660 [3.2.x] Added stub release notes for Django 3.2.2. 
Backport of 5a43cfe24533591a020ba4e730440bad81c478db from main
 2021-05-04 11:02:11 +02:00
Florian Apolloner
c98f446c18 [3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:43:52 +02:00
Carlton Gibson
2e8ff5f902 [3.2.x] Added stub release notes for Django 3.2.1. 
Backport of df0a9e6d5ce00fc7890545d854dbea876bd07d9b from main
 2021-04-06 11:50:23 +02:00
Mariusz Felisiak
2820fd1be5 [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
 2021-04-06 08:24:01 +02:00
Mariusz Felisiak
904a889ccc [3.2.x] Added stub release notes for 3.1.8. 
Backport of e0f82d7992ad7085dcf4ed096a6ad2e3ad89eaae from master
 2021-02-25 20:49:18 +01:00
Nick Pope
be8237c7cc [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl(). 2021-02-19 09:15:09 +01:00
Mariusz Felisiak
b62e767b88 [3.2.x] Added stub release notes for 3.1.7. 
Backport of 8d3c3a57174a072479978d60f5ecdb9fd3c2fd23 from master
 2021-02-01 10:55:07 +01:00
Mariusz Felisiak
f944f79e55 [3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
 2021-02-01 09:13:37 +01:00
Carlton Gibson
966ed414b2 Added stub release notes for 3.1.6. 2021-01-04 08:58:03 +01:00
Mariusz Felisiak
adb40d217e Added stub release notes for 3.1.5. 2020-12-01 07:12:49 +01:00
Carlton Gibson
c8785b473f Added stub release notes for 3.1.4. 2020-11-02 09:20:53 +01:00
Mariusz Felisiak
e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00
Mariusz Felisiak
85fa24e3eb Added stub release notes for 3.1.3. 2020-10-01 07:52:45 +02:00
Carlton Gibson
7a60670b78 Added stub release notes for 3.1.2. 2020-09-01 10:45:12 +02:00
Mariusz Felisiak
8a5683b6b2 Added stub release notes for 2.2.16 and 3.0.10. 2020-08-11 10:31:44 +02:00
Mariusz Felisiak
6c19230297 Added stub release notes for 3.1.1. 2020-08-04 10:34:38 +02:00
Mariusz Felisiak
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie(). 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.
 2020-07-16 08:16:58 +02:00
Mariusz Felisiak
c2a835703f Added stub release notes for 3.0.9. 2020-07-01 07:00:43 +02:00
Mariusz Felisiak
926148ef01
Fixed #31654 -- Fixed cache key validation messages. 2020-06-05 07:21:52 +02:00
Carlton Gibson
7ec2658e1e Added stub release notes for 3.0.8. 2020-06-03 10:54:29 +02:00
Mariusz Felisiak
50798d4389 Added stub release notes for 2.2.13. 2020-05-14 06:22:54 +02:00
Mariusz Felisiak
3b94f12462 Added stub release notes for 3.2. 2020-05-13 09:07:51 +02:00