mirror of https://github.com/django/django.git synced 2025-02-28 11:34:28 +00:00

5120 Commits

Author SHA1 Message Date
Natalia
ad866a1ca3 [4.2.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-01-14 09:08:01 -03:00
Natalia
bf4888d317 [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:42:25 -03:00
Sarah Boyce
d147a8ebbd [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:42:15 -03:00
Lorenzo Peña
96a3497400 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.

Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-25 09:44:51 +02:00
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
2024-07-09 10:40:50 -03:00
Adam Johnson
5b698cbcf1 [4.2.x] Removed link to lawrence.com in contrib.sites docs.
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac5890147a8271eb5eb19bb88ab93dadc6c6d from main
2023-11-28 20:12:09 +01:00
Tim Schilling
6d7313bc87 [4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.
The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
2023-11-23 05:28:43 +01:00
William Hayes
e9acdff462 [4.2.x] Refs #33690 -- Added missing data-theme selector to example in theming support docs.
Backport of 640283711e6c8d25ad0e3c97453cd178a3e4d6a6 from main
2023-11-15 05:28:17 +01:00
Adam Johnson
90c3d71dfe [4.2.x] Fixed #34457 -- Restored output for makemigrations --check.
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07ceeb036436e065898e411b247bca78 from main
2023-11-09 11:05:54 -03:00
Patrick Rauscher
3d2370607d [4.2.x] Fixed #34813 -- Doc'd usage of integrity HTML attribute with ManifestStaticFilesStorage.
Backport of 116e225266c511dfc0bfc96c8497e9c8aaa4d004 from main
2023-11-02 08:27:06 -03:00
Sarah Boyce
61612990d8 [4.2.x] Fixed typos in docs/ref/models/expressions.txt.
Backport of 8992a0489c01ac8ab7283264a315c005511323e2 from main
2023-10-28 14:22:30 +02:00
Izzy Hyman
ffba63180c [4.2.x] Fixed typo in docs/ref/contrib/gis/geos.txt.
Backport of c42250a7039a5ace1b482b30c6a1359b748cae65 from main
2023-10-27 05:32:47 +02:00
lufafajoshua
e8fe48d3a0 [4.2.x] Fixed #34808 -- Doc'd aggregate function's default argument.
Backport of 8adc7c86ab85ed91e512bc49056e301cbe1715d0 from main
2023-10-11 16:11:09 -03:00
ume
99dcba90b4 [4.2.x] Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs.
Backport of 90c75dc4f37bee19b7c3790519d187e38e293800 from main
2023-10-06 09:56:11 +02:00
David Sanders
6697880219 [4.2.x] Refs #31435 -- Doc'd potential infinite recursion when accessing model fields in __init__.
Backport of e47298aec4fa04416e7082331fbd44bd9f2662aa from main
2023-10-05 14:34:07 -03:00
Mariusz Felisiak
a9a3317a95 [4.2.x] Corrected wrap_socket() reference in docs/ref/settings.txt.
Backport of f9cdecfb0de40698eb2ce44c04068bb091fa8998 from main
2023-10-04 19:54:32 +02:00
Natalia
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:39:49 -03:00
Mariusz Felisiak
dd0bf63d3e [4.2.x] Added warning about flatpages and untrusted users.
Backport of 571bab98879578b6ef54ee654ead06736855767d from main
2023-09-27 19:10:59 +02:00
David Sanders
b08f53ff46 [4.2.x] Refs #34808 -- Doc'd that aggregation functions on empty groups can return None.
Backport of 78b5c9075348aa12da2e024f6ece29d1d652dfdd from main
2023-09-21 13:18:15 -03:00
Mariusz Felisiak
ff26e6ad84 [4.2.x] Corrected QuerySet.prefetch_related() note about GenericRelation().
GenericRelation is a reverse generic relationship so it's always
homogeneous. Mentioning this as a restriction is confusing.
Backport of 88b5b7b8e56667b0f55ea6f04038b6ac77c57b98 from main
2023-09-16 06:58:08 +02:00
Michele Mazzucchi
866122690d [4.2.x] Doc'd HttpResponse.cookies.
Backport of 5bfb3cbf49e2b9701e7c42989e14a72374adb6bd from main
2023-09-14 12:29:49 +02:00
Keryn Knight
f55b420277 [4.2.x] Fixed #34781 -- Updated logging ref docs for django.server's request extra context value.
Backport of 428023e2677aeb80d86b19f90b0c6b82c7cb666d from main
2023-08-22 22:44:46 -03:00
Almaz Kunpeissov
2ef2b2ffc0 [4.2.x] Corrected pycon formatting in some docs.
Backport of 5a3725594faacc412e2d2b4ed160370228f1a118 from main
2023-08-01 08:47:40 +02:00
John Parton
a52a2b6678 [4.2.x] Fixed #34749 -- Corrected QuerySet.acreate() signature in docs.
Backport of af0c5caff72e5ffda4dff708a57e37ae4778197d from main
2023-07-28 18:06:04 +02:00
Bruno Alla
12ebd9a1ac [4.2.x] Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration.
Backport of 86561844ce66cda3e6a8c22d4ace4c2d1bc1f2e7 from main
2023-07-24 21:07:41 +02:00
Mariusz Felisiak
1f9d00ef9f [4.2.x] Added missing backticks in docs.
Backport of 02376f1f53db24039c200ef4818d96accf16a88b from main
2023-07-21 12:55:10 +02:00
nessita
c99d935600 [4.2.x] Fixed typo in docs/ref/models/querysets.txt.
Removed assignment in example for Blog annotation to match shown result.
Backport of addbc90049083f1d5f7ac138ed00111b71a75233 from main
2023-07-20 19:49:01 +02:00
Vyacheslav Dmitriev
da92a971a0 [4.2.x] Refs #30052 -- Clarified that defer() and only() do not work with aggregated fields.
Backport of b126f694160c4641e64e57dba6b022f06fbfa745 from main
2023-07-20 14:07:16 -03:00
David Sanders
c646412a75 Added reference to TypedChoiceField in ChoiceField docs.
2023-07-18 12:06:59 -03:00
Jon Ribbens
e54f711d42 [4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.
Backport of adfb3dfa89b62ee0c838a64d3d480c03dd3ec869 from main
2023-07-03 13:55:31 +02:00
Mariusz Felisiak
b7c5feb35a [4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:19:23 +02:00
nessita
7b45fe01ab [4.2.x] Added dedicated section for output_field in query expressions docs.
Backport of 679928834295ebd874ede667dbaae8a7945d3580 from main
2023-06-27 15:14:13 -03:00
Mariusz Felisiak
67fe092a85 [4.2.x] Fixed typo in docs/ref/models/querysets.txt.
Backport of c4a09499aa760c92969083b4639703b5b0a562fb from main
2023-06-27 12:54:46 +02:00
Mariusz Felisiak
a18e0f44d5 [4.2.x] Corrected admin.E013 check message in docs.
Backport of ddb6506618ea52c6b20e97eefad03ed847a1e3de from main
2023-06-20 12:59:48 +02:00
AP Jama
dae052d823 [4.2.x] Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.
Backport of 4037223d0f12c44ecd6f369ccbabcbd279a1bdbc from main
2023-06-01 13:10:45 +01:00
Akash Kumar Sen
dca5f5d58a [4.2.x] Fixed #34600 -- Removed references to bleach in docs.
Backport of b0a6cc7f5738d6b959faf10354b772338f611fd9 from main
2023-05-31 10:23:37 +01:00
Natalia
25bd9faf32 [4.2.x] Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs.
Backport of 1a59a324cec5caf12ea0c4947564828aa7bda02a from main.
2023-05-26 07:50:19 +02:00
Stefan Brand
a44e974412 [4.2.x] Corrected documentation of Log database function.
Backport of eb9df03a43f34c44131ec3a295643327b8a68bb4 from main
2023-05-24 05:30:43 +02:00
Mariusz Felisiak
cdd970ae22 [4.2.x] Fixed #34568 -- Made makemigrations --update respect --name option.
Thanks David Sanders for the report.
Backport of c52f4295f254e1c14af769d22b1a5f516a941f58 from main
2023-05-17 13:15:30 +02:00
Mariusz Felisiak
2b5c5e54de [4.2.x] Updated broken links in docs.
Backport of 93830abf7694e0f281931f10eeaa34993855e7dd from main
2023-05-17 12:13:40 +02:00
Alexerson
ddccecee91 [4.2.x] Fixed #34556 -- Doc'd that StreamingHttpResponse accepts memoryviews and strings iterators.
Backport of 599f3e2cda50ab084915ffd08edb5ad6cad61415 from main
2023-05-12 10:36:03 -03:00
Alberto Sottile
dbe263751c [4.2.x] Clarified database connections lifetime outside HTTP requests.
Backport of e901407e2369ddb16a5c866e1f2fbf8ea8acf549 from main
2023-05-12 08:10:51 -03:00
Pan Dango
bcf66f1355 [4.2.x] Corrected code-block directive in docs/ref/templates/builtins.txt.
Backport of 12ec80726f33e8dbd80de3cecf48d76ac4c0aa89 from main
2023-05-07 14:52:16 +02:00
Jannis Vajen
4eaed191b6 [4.2.x] Corrected code-block directives in docs.
Backport of 024954aad4c422a091b7afab42fff1a9d7478fce from main
2023-05-04 19:34:19 +02:00
Andrei Shabanski
88f23b6b81 [4.2.x] Refs #33662 -- Corrected Sitemap.get_languages_for_item() signature in docs.
Backport of 5c456a879300e5f51010d3f6aa7449302413efed from main
2023-04-27 19:54:18 +02:00
Tom Forbes
01779cdcef [4.2.x] Doc'd that Count("*") is equivalent to COUNT(*) SQL.
Backport of 23d24f82a7450ef5d369845e18cc0130be5bac6c from main
2023-04-27 11:54:26 +02:00
Mariusz Felisiak
a4f7d935a2 [4.2.x] Added meaningful titles to ..admonition:: directives.
Backport of c487634c106888effbba680e02269e489ab911a6 from main
2023-04-21 12:04:21 +02:00
David Sanders
9967faab0b [4.2.x] Fixed #34440 -- Doc'd that & queryset operator works similar to chaining.
Backport of 0494efddc422716431b92896899284b6afebb23a from main
2023-04-20 09:12:03 +02:00
Sage Abdullah
f80dbcf7dc [4.2.x] Fixed #34435 -- Doc'd that JSONField.default must be a callable.
Backport of 01ae9d4ca9afdaf30a247e10e8333261a7d8224c from main
2023-04-19 21:53:04 +02:00
Tim Graham
7679741c46 [4.2.x] Added Snowflake to list of third-party DB backends.
Backport of 57f2b935b34d148c3c0d906fc8256765004b7b77 from main
2023-04-17 07:44:37 +02:00