1
0
mirror of https://github.com/django/django.git synced 2025-07-10 20:59:12 +00:00

258 Commits

Author SHA1 Message Date
Mariusz Felisiak
e4aabf3f0f [4.1.x] Added stub release notes for 4.1.13 and 3.2.23.
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main.
2023-10-25 05:44:22 +02:00
Natalia
910df41352 [4.1.x] Added stub release notes for 4.1.12 and 3.2.22. 2023-09-27 14:31:51 -03:00
Mariusz Felisiak
05d78acb9c [4.1.x] Added stub release notes for 4.1.11 and 3.2.21.
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-08-28 06:16:11 +02:00
Mariusz Felisiak
3b48fe413f [4.1.x] Added stub release notes for 4.1.10 and 3.2.20.
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
2023-06-26 14:37:24 +02:00
Mariusz Felisiak
6d334a0ca5 [4.1.x] Added stub release notes for 4.1.9 and 3.2.19.
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
2023-04-26 08:51:18 +02:00
Mariusz Felisiak
ff3e3eb2bd [4.1.x] Added stub release notes for 4.1.8.
Backport of 9a07999aef7958c9b5441e368cd90646d0edc5c9 from main
2023-03-06 17:38:07 +01:00
Carlton Gibson
ae53649b38 [4.1.x] Added stub release notes for 4.0.10 and 3.2.18.
Set date for 4.1.7 release.

Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:12:12 +01:00
Mariusz Felisiak
83c88af9f8 [4.1.x] Added stub release notes for 4.1.7.
Backport of f3c89744cc801cc7d134bca9958c4a74aa76380f from main
2023-02-01 13:22:50 +01:00
Carlton Gibson
bc48c7dfd6 [4.1.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:27:07 +01:00
Carlton Gibson
bb59ef749f [4.1.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 11:58:50 +01:00
Mariusz Felisiak
f6d138eeff [4.1.x] Added stub release notes for 4.1.6.
Backport of 75500feecddcb27b6ab65c9057e7317024cef761 from main
2023-01-02 08:51:44 +01:00
Carlton Gibson
c2dadbcbf0 [4.1.x] Added stub release notes for 4.1.5.
Backport of 845a5db38fd3d2695af8cece78951729936a0196 from main
2022-12-06 10:21:44 +01:00
Mariusz Felisiak
e8ea852f07 [4.1.x] Added stub release notes for 4.1.4.
Backport of c765b62e3258de4dce9935ab7aed430346dfbc10 from main
2022-11-01 07:31:24 +01:00
Carlton Gibson
324d4fcbe1 [4.1.x] Added stub release notes for 4.1.3 release.
Backport of 7a089273236cf79a6c8a3db7a622fb89872ebe37 from main
2022-10-04 09:49:47 +02:00
Carlton Gibson
fba7962bac [4.1.x] Set date and added stub notes for 4.1.2, 4.0.8, and 3.2.16 releases.
Backport of c2bc71b635e3ca637b6920f30fb3dcc92037cee2 and
f08651c06cb5fe5a6181354e053bf82fe8d68f16 from main.
2022-09-27 10:11:25 +02:00
Mariusz Felisiak
4987ce3350 [4.1.x] Added stub release notes for 4.1.2.
Backport of 604fadde11966c5fdfe5a236a7a3963ee868f764 from main
2022-09-05 06:09:35 +02:00
Carlton Gibson
a9268e3225 [4.1.x] Added stub release notes for 4.1.1.
Backport of 09e837c5d93d8ac22697e711901a63ead59c9fd4 from main
2022-08-03 10:53:02 +02:00
Carlton Gibson
5b509539e2 [4.1.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-27 09:32:04 +02:00
Mariusz Felisiak
38c2bdba35 [4.1.x] Added stub release notes for 4.0.7.
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:33:18 +02:00
Mariusz Felisiak
d783ce3d8d [4.1.x] Added stub release notes and release date for 4.0.6 and 3.2.14.
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-27 07:16:51 +02:00
Carlton Gibson
0fb0355271 [4.1.x] Added stub release notes for 4.0.6.
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01 14:40:30 +02:00
Mariusz Felisiak
b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
Carlton Gibson
9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Mariusz Felisiak
ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak
eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Carlton Gibson
f38c66b555 Added stub release notes for Django 4.0.2. 2022-01-04 11:10:53 +01:00
Carlton Gibson
b13d920b7b Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 2021-12-28 08:47:33 +01:00
Mariusz Felisiak
adef3d975e Added stub release notes for 4.0.1. 2021-12-07 10:41:32 +01:00
Mariusz Felisiak
ae4077e13e Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 2021-11-30 11:25:00 +01:00
Mariusz Felisiak
d811fa1d10 Added stub release notes for Django 3.2.10. 2021-11-01 10:41:06 +01:00
Carlton Gibson
c113f7fb0d Added stub release notes for Django 3.2.9. 2021-10-05 09:39:20 +02:00
Mariusz Felisiak
810bca5a1a Added stub release notes for 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak
af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Carlton Gibson
947bdec60c Added stub release notes for Django 3.2.7. 2021-08-02 08:41:29 +02:00
Mariusz Felisiak
bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak
8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
Carlton Gibson
ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson
b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Mariusz Felisiak
820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-13 08:53:44 +02:00
Mariusz Felisiak
29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Carlton Gibson
5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Carlton Gibson
df0a9e6d5c Added stub release notes for Django 3.2.1. 2021-04-06 11:49:48 +02:00
Mariusz Felisiak
d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Mariusz Felisiak
e0f82d7992 Added stub release notes for 3.1.8. 2021-02-25 20:27:10 +01:00
Nick Pope
0ad9fa02e0 Refs CVE-2021-23336 -- Updated tests and release notes for affected versions. 2021-02-19 09:03:06 +01:00
Mariusz Felisiak
8d3c3a5717 Added stub release notes for 3.1.7. 2021-02-01 10:51:16 +01:00