Takayuki Hirayama 
							
						 
					 
					
						
						
						
						
							
						
						
							0393b9262d 
							
						 
					 
					
						
						
							
Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().

Regression in 981a072dd4dec586f8fc606712ed9a2ef116eeee.
Thanks pirelle for the report.
						
						
					 
					
						2021-06-04 07:23:16 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							d9cee3f5f2 
							
						 
					 
					
						
						
							
							Fixed docs header underlines in security archive.  
						
						
						
						
					 
					
						2021-06-02 12:16:38 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							ba10772bf6 
							
						 
					 
					
						
						
							
							Added stub release notes for Django 3.2.5.  
						
						
						
						
					 
					
						2021-06-02 11:25:32 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							a39f235ca4 
							
						 
					 
					
						
						
							
							Added CVE-2021-33203 and CVE-2021-33571 to security archive.  
						
						
						
						
					 
					
						2021-06-02 11:15:54 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							e1d787f1b3 
							
						 
					 
					
						
						
							
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.

validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expression and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
						
						
					 
					
						2021-06-02 10:58:39 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
						
						
							
						
						
							46572de2e9 
							
						 
					 
					
						
						
							
							Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.  
						
						
						
						
					 
					
						2021-06-02 10:58:39 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							f66ae7a2d5 
							
						 
					 
					
						
						
							
							Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.  
						
						
						
						
					 
					
						2021-06-02 10:19:19 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e703b152c6 
							
						 
					 
					
						
						
							
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.

Regression in 1e38f1191de21b6e96736f58df57dfb851a28c1f.
Thanks Mohsen Tamiz for the report.
						
						
					 
					
						2021-06-01 15:11:42 +02:00 
						 
				 
			
				
					
						
							
							
								Daniyal 
							
						 
					 
					
						
						
						
						
							
						
						
							a0410ffe8f 
							
						 
					 
					
						
						
							
Refs #32552 -- Added DiscoverRunner.log() to allow customization.

Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
						
						
					 
					
						2021-06-01 13:31:44 +02:00 
						 
				 
			
				
					
						
							
							
								Gildardo Adrian Maravilla Jacome 
							
						 
					 
					
						
						
						
						
							
						
						
							91e21836f6 
							
						 
					 
					
						
						
							
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
						
						
						
						
					 
					
						2021-05-31 11:09:48 +02:00 
						 
				 
			
				
					
						
							
							
								David Wobrock 
							
						 
					 
					
						
						
						
						
							
						
						
							b9df2b74b9 
							
						 
					 
					
						
						
							
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.

Thanks Simon Charette for the implementation idea.
						
						
					 
					
						2021-05-28 20:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Hannes Ljungberg 
							
						 
					 
					
						
						
						
						
							
						
						
							b746596f5f 
							
						 
					 
					
						
						
							
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
						
						
						
						
					 
					
						2021-05-28 10:50:27 +02:00 
						 
				 
			
				
					
						
							
							
								Mohammadreza Varasteh 
							
						 
					 
					
						
						
						
						
							
						
						
							e93eb3d971 
							
						 
					 
					
						
						
							
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
						
						
						
						
					 
					
						2021-05-27 21:05:28 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							e513fb0e77 
							
						 
					 
					
						
						
							
							Fixed typo in MiddlewareMixin deprecation note.  
						
						
						
						
					 
					
						2021-05-27 06:17:30 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							12b19a1d76 
							
						 
					 
					
						
						
							
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.

Regression in ec6d2531c59466924b645f314ac33f54470d7ac3.
Thanks JonathanNickelson for the report.
						
						
					 
					
						2021-05-26 11:19:47 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
						
						
							
						
						
							1143f3bb5e 
							
						 
					 
					
						
						
							
Fixed #32543 -- Added search_help_text to ModelAdmin.
						
						
						
						
					 
					
						2021-05-26 10:20:13 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							b46dbd4e3e 
							
						 
					 
					
						
						
							
							Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.  
						
						
						
						
					 
					
						2021-05-26 10:16:05 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
						
						
							
						
						
							68357b2ca9 
							
						 
					 
					
						
						
							
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
						
						
						
						
					 
					
						2021-05-26 09:41:29 +02:00 
						 
				 
			
				
					
						
							
							
								Rohith PR 
							
						 
					 
					
						
						
						
						
							
						
						
							7cca22964c 
							
						 
					 
					
						
						
							
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.

The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
						
						
					 
					
						2021-05-21 11:00:54 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							66491f08fe 
							
						 
					 
					
						
						
							
							Changed IRC references to Libera.Chat.  
						
						
						
						
					 
					
						2021-05-20 12:23:36 +02:00 
						 
				 
			
				
					
						
							
							
								David Sanders 
							
						 
					 
					
						
						
						
						
							
						
						
							736bb9868a 
							
						 
					 
					
						
						
							
							Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.  
						
						
						
						
					 
					
						2021-05-20 07:29:16 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							c2e6047c72 
							
						 
					 
					
						
						
							
Fixed #32740 -- Caught possible exception when initializing colorama.
						
						
						
						
					 
					
						2021-05-19 10:33:15 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
						
						
							
						
						
							8cd55021bc 
							
						 
					 
					
						
						
							
Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.

Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
						
						
					 
					
						2021-05-18 20:26:44 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							958cdf65ae 
							
						 
					 
					
						
						
							
Fixed #32747 -- Prevented initialization of unused caches.

Thanks Alexander Ebral for the report.
Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f.
						
						
					 
					
						2021-05-18 18:24:19 +02:00 
						 
				 
			
				
					
						
							
							
								Rust Saiargaliev 
							
						 
					 
					
						
						
						
						
							
						
						
							a24fed399c 
							
						 
					 
					
						
						
							
Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.

Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb.
						
						
					 
					
						2021-05-18 13:02:33 +02:00 
						 
				 
			
				
					
						
							
							
								Slava Skvortsov 
							
						 
					 
					
						
						
						
						
							
						
						
							f7691d4812 
							
						 
					 
					
						
						
							
Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.

Regression in ba31b0103442ac891fb3cb98f316781254e366c3.
						
						
					 
					
						2021-05-18 09:14:05 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							c156e36955 
							
						 
					 
					
						
						
							
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
						
						
						
						
					 
					
						2021-05-17 09:46:09 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4ee487c7 
							
						 
					 
					
						
						
							
Refs #32720 -- Fixed some broken links in docs.
						
						
						
						
					 
					
						2021-05-17 09:22:17 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							1c3bbcf802 
							
						 
					 
					
						
						
							
Refs #32720 -- Used full hashes in security archive.
						
						
						
						
					 
					
						2021-05-17 08:27:46 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							df5c96299a 
							
						 
					 
					
						
						
							
							Corrected commit hashes for security patches.  
						
						
						
						
					 
					
						2021-05-17 08:26:06 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							8c4caee76a 
							
						 
					 
					
						
						
							
Refs #32720 -- Used :commit: and :source: role in old release notes.
						
						
						
						
					 
					
						2021-05-17 07:36:57 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							820408d842 
							
						 
					 
					
						
						
							
							Added stub release notes for Django 3.2.4.  
						
						
						
						
					 
					
						2021-05-13 09:42:26 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b55699968f 
							
						 
					 
					
						
						
							
Fixed #32718 -- Relaxed file name validation in FileField.

- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignore the passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
						
						
					 
					
						2021-05-13 08:53:44 +02:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
						
						
							
						
						
							b81c7562fc 
							
						 
					 
					
						
						
							
Fixed #32717 -- Fixed filtering of querysets combined with the | operator.

Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc31f1324048af9233583a523ac54c94.
Thanks Shaheed Haque for the report.
						
						
					 
					
						2021-05-13 07:26:52 +02:00 
						 
				 
			
				
					
						
							
							
								Raffaele Salmaso 
							
						 
					 
					
						
						
						
						
							
						
						
							3733ae8957 
							
						 
					 
					
						
						
							
Fixed #32031 -- Added model class for each model to AdminSite.each_context().
						
						
						
						
					 
					
						2021-05-13 06:57:09 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							29e4ccb1a2 
							
						 
					 
					
						
						
							
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
						
						
						
						
					 
					
						2021-05-12 14:42:17 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
						
						
							
						
						
							1061f52436 
							
						 
					 
					
						
						
							
Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.

The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
						
						
					 
					
						2021-05-12 12:21:57 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d1f1417cae 
							
						 
					 
					
						
						
							
Refs #32718 -- Corrected CVE-2021-31542 release notes.
						
						
						
						
					 
					
						2021-05-12 10:42:01 +02:00 
						 
				 
			
				
					
						
							
							
								Jordi Castells 
							
						 
					 
					
						
						
						
						
							
						
						
							205c36b58f 
							
						 
					 
					
						
						
							
Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.
						
						
						
						
					 
					
						2021-05-07 20:03:46 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
						
						
							
						
						
							028f10fac6 
							
						 
					 
					
						
						
							
Fixed #32712 -- Deprecated django.utils.baseconv module.
						
						
						
						
					 
					
						2021-05-07 11:57:40 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							29779075d7 
							
						 
					 
					
						
						
							
							Added stub release notes for Django 3.2.3.  
						
						
						
						
					 
					
						2021-05-06 10:08:00 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
						
						
							
						
						
							efebcc429f 
							
						 
					 
					
						
						
							
							Added CVE-2021-32052 to security archive.  
						
						
						
						
					 
					
						2021-05-06 09:58:24 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e1e81aa1c4 
							
						 
					 
					
						
						
							
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.

In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
						
						
					 
					
						2021-05-06 08:45:23 +02:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
						
						
							
						
						
							96f55ccf79 
							
						 
					 
					
						
						
							
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.

Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd.
Thanks Kevin Marsh for the report.
						
						
					 
					
						2021-05-05 08:43:57 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							62b2e8b37e 
							
						 
					 
					
						
						
							
							Added commits for CVE-2021-31542 to security archive.  
						
						
						
						
					 
					
						2021-05-04 11:09:21 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							607ebbfba9 
							
						 
					 
					
						
						
							
							Added CVE-2021-31542 to security archive.  
						
						
						
						
					 
					
						2021-05-04 11:06:07 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
						
						
							
						
						
							5a43cfe245 
							
						 
					 
					
						
						
							
							Added stub release notes for Django 3.2.2.  
						
						
						
						
					 
					
						2021-05-04 11:01:33 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
						
						
							
						
						
							0b79eb3691 
							
						 
					 
					
						
						
							
							Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.  
						
						
						
						
					 
					
						2021-05-04 08:44:42 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
						
						
							
						
						
							54da6e2ac2 
							
						 
					 
					
						
						
							
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
						
						
						
						
					 
					
						2021-04-30 12:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
						
						
							
						
						
							8bcb00858e 
							
						 
					 
					
						
						
							
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
						
						
						
						
					 
					
						2021-04-30 08:05:42 +02:00