mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

5119 Commits

Author SHA1 Message Date
Natalia
bf4888d317 [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:42:25 -03:00
Sarah Boyce
d147a8ebbd [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:42:15 -03:00
Lorenzo Peña
96a3497400 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a.

Backport of 0e94f292cd from main.
2024-07-25 09:44:51 +02:00
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
2024-07-09 10:40:50 -03:00
Adam Johnson
5b698cbcf1 [4.2.x] Removed link to lawrence.com in contrib.sites docs.
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac58901 from main
2023-11-28 20:12:09 +01:00
Tim Schilling
6d7313bc87 [4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.
The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44 from main
2023-11-23 05:28:43 +01:00
William Hayes
e9acdff462 [4.2.x] Refs #33690 -- Added missing data-theme selector to example in theming support docs.
Backport of 640283711e from main
2023-11-15 05:28:17 +01:00
Adam Johnson
90c3d71dfe [4.2.x] Fixed #34457 -- Restored output for makemigrations --check.
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07 from main
2023-11-09 11:05:54 -03:00
Patrick Rauscher
3d2370607d [4.2.x] Fixed #34813 -- Doc'd usage of integrity HTML attribute with ManifestStaticFilesStorage.
Backport of 116e225266 from main
2023-11-02 08:27:06 -03:00
Sarah Boyce
61612990d8 [4.2.x] Fixed typos in docs/ref/models/expressions.txt.
Backport of 8992a0489c from main
2023-10-28 14:22:30 +02:00
Izzy Hyman
ffba63180c [4.2.x] Fixed typo in docs/ref/contrib/gis/geos.txt.
Backport of c42250a703 from main
2023-10-27 05:32:47 +02:00
lufafajoshua
e8fe48d3a0 [4.2.x] Fixed #34808 -- Doc'd aggregate function's default argument.
Backport of 8adc7c86ab from main
2023-10-11 16:11:09 -03:00
ume
99dcba90b4 [4.2.x] Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs.
Backport of 90c75dc4f3 from main
2023-10-06 09:56:11 +02:00
David Sanders
6697880219 [4.2.x] Refs #31435 -- Doc'd potential infinite recursion when accessing model fields in __init__.
Backport of e47298aec4 from main
2023-10-05 14:34:07 -03:00
Mariusz Felisiak
a9a3317a95 [4.2.x] Corrected wrap_socket() reference in docs/ref/settings.txt.
Backport of f9cdecfb0d from main
2023-10-04 19:54:32 +02:00
Natalia
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:39:49 -03:00
Mariusz Felisiak
dd0bf63d3e [4.2.x] Added warning about flatpages and untrusted users.
Backport of 571bab9887 from main
2023-09-27 19:10:59 +02:00
David Sanders
b08f53ff46 [4.2.x] Refs #34808 -- Doc'd that aggregation functions on empty groups can return None.
Backport of 78b5c90753 from main
2023-09-21 13:18:15 -03:00
Mariusz Felisiak
ff26e6ad84 [4.2.x] Corrected QuerySet.prefetch_related() note about GenericRelation().
GenericRelation is a reverse generic relationship so it's always
homogeneous. Mentioning this as a restriction is confusing.
Backport of 88b5b7b8e5 from main
2023-09-16 06:58:08 +02:00
Michele Mazzucchi
866122690d [4.2.x] Doc'd HttpResponse.cookies.
Backport of 5bfb3cbf49 from main
2023-09-14 12:29:49 +02:00
Keryn Knight
f55b420277 [4.2.x] Fixed #34781 -- Updated logging ref docs for django.server's request extra context value.
Backport of 428023e267 from main
2023-08-22 22:44:46 -03:00
Almaz Kunpeissov
2ef2b2ffc0 [4.2.x] Corrected pycon formatting in some docs.
Backport of 5a3725594f from main
2023-08-01 08:47:40 +02:00
John Parton
a52a2b6678 [4.2.x] Fixed #34749 -- Corrected QuerySet.acreate() signature in docs.
Backport of af0c5caff7 from main
2023-07-28 18:06:04 +02:00
Bruno Alla
12ebd9a1ac [4.2.x] Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration.
Backport of 86561844ce from main
2023-07-24 21:07:41 +02:00
Mariusz Felisiak
1f9d00ef9f [4.2.x] Added missing backticks in docs.
Backport of 02376f1f53 from main
2023-07-21 12:55:10 +02:00
nessita
c99d935600 [4.2.x] Fixed typo in docs/ref/models/querysets.txt.
Removed assignment in example for Blog annotation to match shown result.
Backport of addbc90049 from main
2023-07-20 19:49:01 +02:00
Vyacheslav Dmitriev
da92a971a0 [4.2.x] Refs #30052 -- Clarified that defer() and only() do not work with aggregated fields.
Backport of b126f69416 from main
2023-07-20 14:07:16 -03:00
David Sanders
c646412a75 Added reference to TypedChoiceField in ChoiceField docs.
2023-07-18 12:06:59 -03:00
Jon Ribbens
e54f711d42 [4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.
Backport of adfb3dfa89 from main
2023-07-03 13:55:31 +02:00
Mariusz Felisiak
b7c5feb35a [4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:19:23 +02:00
nessita
7b45fe01ab [4.2.x] Added dedicated section for output_field in query expressions docs.
Backport of 6799288342 from main
2023-06-27 15:14:13 -03:00
Mariusz Felisiak
67fe092a85 [4.2.x] Fixed typo in docs/ref/models/querysets.txt.
Backport of c4a09499aa from main
2023-06-27 12:54:46 +02:00
Mariusz Felisiak
a18e0f44d5 [4.2.x] Corrected admin.E013 check message in docs.
Backport of ddb6506618 from main
2023-06-20 12:59:48 +02:00
AP Jama
dae052d823 [4.2.x] Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.
Backport of 4037223d0f from main
2023-06-01 13:10:45 +01:00
Akash Kumar Sen
dca5f5d58a [4.2.x] Fixed #34600 -- Removed references to bleach in docs.
Backport of b0a6cc7f57 from main
2023-05-31 10:23:37 +01:00
Natalia
25bd9faf32 [4.2.x] Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs.
Backport of 1a59a324ce from main.
2023-05-26 07:50:19 +02:00
Stefan Brand
a44e974412 [4.2.x] Corrected documentation of Log database function.
Backport of eb9df03a43 from main
2023-05-24 05:30:43 +02:00
Mariusz Felisiak
cdd970ae22 [4.2.x] Fixed #34568 -- Made makemigrations --update respect --name option.
Thanks David Sanders for the report.
Backport of c52f4295f2 from main
2023-05-17 13:15:30 +02:00
Mariusz Felisiak
2b5c5e54de [4.2.x] Updated broken links in docs.
Backport of 93830abf76 from main
2023-05-17 12:13:40 +02:00
Alexerson
ddccecee91 [4.2.x] Fixed #34556 -- Doc'd that StreamingHttpResponse accepts memoryviews and strings iterators.
Backport of 599f3e2cda from main
2023-05-12 10:36:03 -03:00
Alberto Sottile
dbe263751c [4.2.x] Clarified database connections lifetime outside HTTP requests.
Backport of e901407e23 from main
2023-05-12 08:10:51 -03:00
Pan Dango
bcf66f1355 [4.2.x] Corrected code-block directive in docs/ref/templates/builtins.txt.
Backport of 12ec80726f from main
2023-05-07 14:52:16 +02:00
Jannis Vajen
4eaed191b6 [4.2.x] Corrected code-block directives in docs.
Backport of 024954aad4 from main
2023-05-04 19:34:19 +02:00
Andrei Shabanski
88f23b6b81 [4.2.x] Refs #33662 -- Corrected Sitemap.get_languages_for_item() signature in docs.
Backport of 5c456a8793 from main
2023-04-27 19:54:18 +02:00
Tom Forbes
01779cdcef [4.2.x] Doc'd that Count("*") is equivalent to COUNT(*) SQL.
Backport of 23d24f82a7 from main
2023-04-27 11:54:26 +02:00
Mariusz Felisiak
a4f7d935a2 [4.2.x] Added meaningful titles to ..admonition:: directives.
Backport of c487634c10 from main
2023-04-21 12:04:21 +02:00
David Sanders
9967faab0b [4.2.x] Fixed #34440 -- Doc'd that & queryset operator works similar to chaining.
Backport of 0494efddc4 from main
2023-04-20 09:12:03 +02:00
Sage Abdullah
f80dbcf7dc [4.2.x] Fixed #34435 -- Doc'd that JSONField.default must be a callable.
Backport of 01ae9d4ca9 from main
2023-04-19 21:53:04 +02:00
Tim Graham
7679741c46 [4.2.x] Added Snowflake to list of third-party DB backends.
Backport of 57f2b935b3 from main
2023-04-17 07:44:37 +02:00
Tim Graham
26f181939e [4.2.x] Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 2c4dc64760 from main
2023-04-17 07:44:29 +02:00