Mariusz Felisiak
9fee86e44d
[4.1.x] Added CVE-2023-46695 to security archive.
...
Backport of 7caf2621833a45cdfe7e6e305e4885ecc8d79744 from main
2023-11-01 08:18:14 +01:00
Mariusz Felisiak
4965bfdde2
[4.1.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
...
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-11-01 06:26:16 +01:00
Mariusz Felisiak
e4aabf3f0f
[4.1.x] Added stub release notes for 4.1.13 and 3.2.23.
...
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main.
2023-10-25 05:44:22 +02:00
Natalia
348489a29b
[4.1.x] Added CVE-2023-43665 to security archive.
...
Backport of 4e790271e3e65c9ad037b347a34fa95e11982228 from main
2023-10-04 13:10:44 -03:00
Natalia
c7b7024742
[4.1.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
...
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:40:33 -03:00
Natalia
910df41352
[4.1.x] Added stub release notes for 4.1.12 and 3.2.22.
2023-09-27 14:31:51 -03:00
Mariusz Felisiak
4c14db3415
[4.1.x] Added CVE-2023-41164 to security archive.
...
Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main
2023-09-04 13:18:20 +02:00
Mariusz Felisiak
ba00bc5ec6
[4.1.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
...
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-09-04 12:14:21 +02:00
Mariusz Felisiak
05d78acb9c
[4.1.x] Added stub release notes for 4.1.11 and 3.2.21.
...
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-08-28 06:16:11 +02:00
Mariusz Felisiak
44f6bb5652
[4.1.x] Added CVE-2023-36053 to security archive.
...
Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main
2023-07-03 10:31:12 +02:00
Mariusz Felisiak
beb3f3d559
[4.1.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
...
Thanks Seokchan Yoon for reports.
2023-07-03 08:27:05 +02:00
Mariusz Felisiak
3b48fe413f
[4.1.x] Added stub release notes for 4.1.10 and 3.2.20.
...
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
2023-06-26 14:37:24 +02:00
Mariusz Felisiak
66e1e9b006
[4.1.x] Added CVE-2023-31047 to security archive.
...
Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main
2023-05-03 15:22:12 +02:00
Mariusz Felisiak
e7c3a2ccc3
[4.1.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field.
...
Thanks Moataz Al-Sharida and nawaik for reports.
Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-05-03 13:54:21 +02:00
Mariusz Felisiak
491dccec1a
[4.1.x] Added missing backticks in docs/releases/1.7.txt.
2023-04-26 09:30:14 +02:00
Mariusz Felisiak
6d334a0ca5
[4.1.x] Added stub release notes for 4.1.9 and 3.2.19.
...
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
2023-04-26 08:51:18 +02:00
Mariusz Felisiak
67a79dcf5b
[4.1.x] Added release date for 4.1.8.
...
Backport of fdf0a367bdd72c70f91fb3aed77dabbe9dcef69f from main
2023-04-05 06:19:38 +02:00
David Wobrock
ba1654cb54
[4.1.x] Fixed #34384 -- Fixed session validation when rotation secret keys.
...
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7.
Thanks Eric Zarowny for the report.
Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main
2023-03-08 11:33:47 +01:00
Mariusz Felisiak
ff3e3eb2bd
[4.1.x] Added stub release notes for 4.1.8.
...
Backport of 9a07999aef7958c9b5441e368cd90646d0edc5c9 from main
2023-03-06 17:38:07 +01:00
Carlton Gibson
991461a3b3
[4.1.x] Added CVE-2023-24580 to security archive.
...
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
2023-02-14 09:53:25 +01:00
Markus Holtermann
628b33a854
[4.1.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
...
Thanks to Jakob Ackermann for the report.
2023-02-14 08:24:06 +01:00
Sota Tabu
425c75f56f
[4.1.x] Fixed #34318 -- Added release note for 4bfe8c0eec835b8eaffcda7dc1e3b203751a790a.
...
Backport of 3e9d413231edc29768cc7ca0427e63b19233f562 from main
2023-02-13 14:13:36 +01:00
Mariusz Felisiak
590a92e456
[4.1.x] Fixed #34319 -- Fixed Model.validate_constraints() crash on ValidationError with no code.
...
Thanks Mateusz Kurowski for the report.
Regression in 667105877e6723c6985399803a364848891513cc.
Backport of 2fd755b361d3da2cd0440fc9839feb2bb69b027b from main
2023-02-08 16:40:38 +01:00
Carlton Gibson
ae53649b38
[4.1.x] Added stub release notes for 4.0.10 and 3.2.18.
...
Set date for 4.1.7 release.
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:12:12 +01:00
Mariusz Felisiak
83c88af9f8
[4.1.x] Added stub release notes for 4.1.7.
...
Backport of f3c89744cc801cc7d134bca9958c4a74aa76380f from main
2023-02-01 13:22:50 +01:00
Mariusz Felisiak
9ac634ff26
[4.1.x] Added CVE-2023-23969 to security archive.
...
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01 12:10:18 +01:00
Nick Pope
9d7bd5a56b
[4.1.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
...
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:46:23 +01:00
Mariusz Felisiak
26b7a25632
[4.1.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
...
Thanks Dan F for the report.
Bug in 667105877e6723c6985399803a364848891513cc.
Backport of 2b1242abb3989f5d74e787b09132d01bcbee5b55 from main.
2023-01-26 09:34:15 +01:00
Carlton Gibson
bc48c7dfd6
[4.1.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
...
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:27:07 +01:00
Carlton Gibson
bb59ef749f
[4.1.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
...
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 11:58:50 +01:00
Steven
d805010d68
[4.1.x] Fixed "nulls characters" typo in docs.
...
Backport of 4b7016866a80ec8582f55fc7eedfa692039e9648 from main
2023-01-16 08:24:21 +01:00
Mariusz Felisiak
f6d138eeff
[4.1.x] Added stub release notes for 4.1.6.
...
Backport of 75500feecddcb27b6ab65c9057e7317024cef761 from main
2023-01-02 08:51:44 +01:00
Mariusz Felisiak
7bcf84d363
[4.1.x] Added release date for 4.1.5.
...
Backport of 174d8157b5700f6451ac0bdc3eef7e73121bc4a4 from main
2023-01-02 08:11:41 +01:00
Mariusz Felisiak
46b28bbe15
[4.1.x] Updated translations from Transifex.
...
Updated Bulgarian, Esperanto, Hungarian, Japanese, Macedonian, Persian,
Portuguese (Brazil), Russian, Spanish, and Turkmen translations.
2022-12-20 19:33:28 +01:00
James Gillard
af3cfc8630
[4.1.x] Fixed #34205 -- Fixed Meta.constraints validation crash with ArrayField and __len lookup.
...
Regression in 88fc9e2826044110b7b22577a227f122fe9c1fb5 that began
manifesting in Django 4.1.
Backport of c5ed884eabf3b2b67581c55bf6c87e721f69157f from main.
2022-12-10 19:39:00 +01:00
Carlton Gibson
c2dadbcbf0
[4.1.x] Added stub release notes for 4.1.5.
...
Backport of 845a5db38fd3d2695af8cece78951729936a0196 from main
2022-12-06 10:21:44 +01:00
Carlton Gibson
65d31d9e41
[4.1.x] Added release date for 4.1.4.
...
Backport of f4a053a2940c2e5324550cd796724a5837362cba from main
2022-12-06 09:57:26 +01:00
Mariusz Felisiak
423fa4c072
[4.1.x] Updated various links to HTTPS and new locations.
...
Backport of 514884e9a555c51afba3d26d9370a908af4752a6 from main
2022-12-06 06:00:34 +01:00
Mariusz Felisiak
58156f4ed7
[4.1.x] Refs #33397, Refs #34160 -- Added release note for resolving output_field changes.
...
Backport of e8dcef155c1848ef49e54f787a7d20faf3bf9296 from main
2022-11-30 08:22:29 +01:00
DevilsAutumn
170322451a
[4.1.x] Fixed #34171 -- Fixed QuerySet.bulk_create() on fields with db_column in unique_fields/update_fields.
...
Bug in 0f6946495a8ec955b471ca1baaf408ceb53d4796.
Thanks Joshua Brooks for the report.
Backport of 4035bab56f2862a25cd7bfba41a84e58672cb1cc from main
2022-11-22 20:04:38 +01:00
Mariusz Felisiak
3b0a8ea299
[4.1.x] Fixed #34177 -- Fixed QuerySet.bulk_create() crash on "pk" in unique_fields.
...
Bug in 0f6946495a8ec955b471ca1baaf408ceb53d4796.
Backport of 7d5329852f19c6ae78c6f6f3d3e41835377bf295 from main
2022-11-22 14:26:48 +01:00
Jon Janzen
9fb57fcc70
[4.1.x] Fixed #34139 -- Fixed acreate(), aget_or_create(), and aupdate_or_create() methods for related managers.
...
Bug in 58b27e0dbb3d31ca1438790870b2b51ecdb10500.
Backport of 7b94847e384b1a8c05a7d4c8778958c0290bdf9a from main
2022-11-08 08:13:56 +01:00
Daniel Ivanov
eca526eab0
[4.1.x] Fixed #34088 -- Fixed Sitemap.get_latest_lastmod() crash with empty items.
...
Bug in 480191244d12fefbf95854b2b117c71ffe44749a.
Thanks Michal Čihař for the report.
Backport of 5eab4d1924613a5506e517f157054b4852ae7dc2 from main
2022-11-07 07:57:11 +01:00
Mariusz Felisiak
84a2b2e7a7
[4.1.x] Fixed #34138 -- Avoided table rebuild when adding inline m2m fields on SQLite.
...
Regression in 2f73e5406d54cb8945e187eff302a3a3373350be.
Thanks David Wobrock for the report.
Backport of 7b0e9ea53ca99de2f485ec582f3a79be34b531d4 from main
2022-11-04 09:31:30 +01:00
Mariusz Felisiak
e8ea852f07
[4.1.x] Added stub release notes for 4.1.4.
...
Backport of c765b62e3258de4dce9935ab7aed430346dfbc10 from main
2022-11-01 07:31:24 +01:00
Mariusz Felisiak
cf69b9f7ef
[4.1.x] Added release date for 4.1.3.
...
Backport of 635e5643b3921e278dbddf8f13ecb66f17cd6aee from main
2022-11-01 06:59:26 +01:00
Mariusz Felisiak
ddf3ee6f9e
[4.1.x] Refs #33173 -- Doc'd Python 3.11 compatibility in Django 4.1.x.
...
Backport of eb6cc01d0f62c73441a3610193ba210176d0935f from main.
2022-10-26 20:13:41 +02:00
Carlton Gibson
84814412a0
[4.1.x] Fixed #34085 -- Made management commands don't use black for non-Python files.
...
Bug in d113b5a837f726d1c638d76c4e88445e6cd59fd5.
Co-authored-by: programmylife <acmshar@gmail.com>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Backport of 5c2c7277d4554db34c585477b269bb1acfcbbe56 from main.
2022-10-20 14:38:40 -07:00
Carlton Gibson
e9a24a15f2
[4.1.x] Added CVE-2022-36359 to security archive.
...
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-10-04 10:12:35 +02:00
Carlton Gibson
324d4fcbe1
[4.1.x] Added stub release notes for 4.1.3 release.
...
Backport of 7a089273236cf79a6c8a3db7a622fb89872ebe37 from main
2022-10-04 09:49:47 +02:00