Natalia
c62f4eeda7
[4.2.x] Added stub release notes and release date for 4.2.22.
...
Backport of 1a74434399 from main.
2025-05-28 10:21:44 -03:00
Jason Judkins
c5b42632c9
[4.2.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625.
...
Backport of 1307b8a1cb from main.
2025-05-26 12:38:29 -03:00
Natalia
32fd8dec56
[4.2.x] Added helpers in csrf_tests and logging_tests to assert logs from log_response().
...
Backport of ad6f998898 from main.
2025-05-22 15:45:13 -03:00
Natalia
acbe655a0f
[4.2.x] Refs #26688 -- Added tests for log_response() internal helper.
...
Backport of 8970468159 from main.
2025-05-22 15:44:44 -03:00
Natalia
dc365cac9b
[4.2.x] Refs #35980 -- Added release note about changes in release artifacts filenames.
...
Backport of 42ab99309d from main.
2025-05-09 13:33:55 -03:00
Natalia
c454afbf4c
[4.2.x] Removed "Expected" from release date for 4.2.21.
...
Backport of c86156378d from main.
2025-05-09 13:33:08 -03:00
Natalia
5b29315848
[4.2.x] Cleaned up CVE-2025-32873 security archive description.
...
Backport of 37f2a77c72 from main.
2025-05-07 11:38:00 -03:00
Natalia
0d5495850a
[4.2.x] Added CVE-2025-32873 to security archive.
...
Backport of fdabda4e05 from main.
2025-05-07 11:25:04 -03:00
Natalia
9db7076057
[4.2.x] Post-release version bump.
2025-05-06 22:39:26 -03:00
Natalia
87175d270a
[4.2.x] Bumped version for 4.2.21 release.
4.2.21
2025-05-06 22:37:35 -03:00
Sarah Boyce
9cd8028f3e
[4.2.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags().
...
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
Howard for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 9f3419b519 from main.
2025-05-06 22:36:15 -03:00
Claude Paroz
ca31ca09f7
[4.2.x] Changed packing recommendation to use pyproject.toml in reusable apps docs.
...
Backport of f71bcc001b from main.
2025-05-05 11:46:49 -03:00
Natalia
f4bd564701
[4.2.x] Adjusted GitHub Action workflow to test Python versions based off pyproject.toml.
2025-05-05 11:46:49 -03:00
Nick Pope
3456eee4a3
[4.2.x] Fixed #35980 -- Updated setuptools to normalize package names in built artifacts.
...
Backport of 3ae049b26b from main.
2025-05-05 11:46:49 -03:00
Claude Paroz
afe52d89c4
[4.2.x] Migrated setuptools configuration to pyproject.toml.
...
This branch migrates setuptools configuration from setup.py/setup.cfg to
pyproject.toml. In order to ensure that the generated binary files have
consistent casing (both the tarball and the wheel), setuptools version
is limited to ">=61.0.0,<69.3.0".
Configuration for flake8 was moved to a dedicated .flake8 file since
it cannot be configured via pyproject.toml.
Also, __pycache__ exclusion was removed from MANIFEST and the
extras/Makefile was replaced with a simpler build command.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Backport of 4686541691 from main.
2025-05-05 11:46:49 -03:00
Claude Paroz
35c34ed2d0
[4.2.x] Removed obsolete rpm-related install code.
...
Backport of edcf8532ff from main.
2025-05-05 11:46:49 -03:00
Natalia
93973d4f88
[4.2.x] Added upcoming security release to release notes.
...
Backport of 0f5dd0dff3 from main.
2025-04-30 14:58:52 -03:00
nessita
b3df753399
[4.2.x] Refs #36341 -- Added release note for 4.2.21 for fix in wordwrap template filter.
...
Revision 1e9db35836 fixed a regression in
55d89e25f4, which also needs to be
backported to the stable branches in extended support.
Backport of c86242d61f from main.
2025-04-23 17:35:28 -03:00
Matti Pohjanvirta
e61e3daaf0
[4.2.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter.
...
Regression in 55d89e25f4.
This work improves the django.utils.text.wrap() function to ensure that
empty lines and lines with whitespace only are kept instead of being
dropped.
Thanks Matti Pohjanvirta for the report and fix.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 1e9db35836 from main.
2025-04-23 17:33:02 -03:00
David Smith
07edc976c7
[4.2.x] Upgraded to Python 3.12, Ubuntu 24.04, and enabled fail_on_warning for docs builds.
...
Backport of 73d532d9a9 from main.
2025-04-23 11:20:26 -03:00
Mariusz Felisiak
24eeba2c15
[4.2.x] Fixed warnings per flake8 7.2.0.
...
https://github.com/PyCQA/flake8/releases/tag/7.2.0
Backport of 281910ff8e from main.
2025-04-23 09:41:20 -03:00
nessita
d5db532077
[4.2.x] Pinned isort version to "<6.0.0" to avoid undesired reformat.
...
Backport of 0671a461c4 from main.
2025-04-23 08:55:43 -03:00
Sarah Boyce
318c16d2b8
[4.2.x] Fixed #36298 -- Truncated the overwritten file content in file_move_safe().
...
Regression in 58cd4902a7.
Thanks Baptiste Mispelon for the report.
Backport of 8ad3e80e88 from main.
2025-04-07 16:17:50 +02:00
Sarah Boyce
506cf74b0a
[4.2.x] Added CVE-2025-26699 to security archive.
...
Backport of bad1a18ff2 from main.
2025-03-06 14:09:31 +01:00
Sarah Boyce
6d3f4c13f1
[4.2.x] Post-release version bump.
2025-03-06 10:07:14 +01:00
Sarah Boyce
35c58a7924
[4.2.x] Bumped version for 4.2.20 release.
4.2.20
2025-03-06 10:03:51 +01:00
Sarah Boyce
e88f7376fe
[4.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.
...
Thanks sw0rd1ight for the report.
Backport of 55d89e25f4 from main.
2025-03-06 10:01:44 +01:00
Sarah Boyce
348e46a3e0
[4.2.x] Added stub release notes and release date for 4.2.20.
...
Backport of ea1e3703be from main.
2025-02-27 16:14:34 +01:00
Natalia
73e210755a
[4.2.x] Post-release version bump.
2025-02-05 11:02:59 -03:00
Natalia
db89d2fee7
[4.2.x] Bumped version for 4.2.19 release.
4.2.19
2025-02-05 10:55:11 -03:00
Natalia
83231cca9c
[4.2.x] Added release date for 4.2.19.
...
Backport of 294cc965ef from main.
2025-02-05 10:52:55 -03:00
Simon Charette
7bd1ddf1d8
[4.2.x] Refs #34060 -- Adjusted CVE-2024-53908 regression test for psycopg2.
...
The lack of explicit cast for JSON literals on psycopg2 is fixed on 5.1+ by
0d8fbe2ade but didn't qualify for a backport to
stable/4.2.x.
2025-01-17 08:28:10 +01:00
Sarah Boyce
57b0229421
[4.2.x] Refs #36098 -- Fixed validate_ipv4_address() crash for non-string values.
...
Regression in ca2be7724e.
2025-01-16 16:01:11 -03:00
Mariusz Felisiak
043dfadbce
[4.2.x] Fixed #36098 -- Fixed validate_ipv6_address()/validate_ipv46_address() crash for non-string values.
...
Regression in ca2be7724e.
Backport of b3c5830769 from main.
2025-01-15 13:54:57 -03:00
Natalia
8769b44fda
[4.2.x] Added CVE-2024-56374 to security archive.
...
Backport of f2a1dcaa53 from main.
2025-01-14 11:39:32 -03:00
Natalia
01db9774f6
[4.2.x] Post-release version bump.
2025-01-14 09:18:27 -03:00
Natalia
a7b0e50ead
[4.2.x] Bumped version for 4.2.18 release.
4.2.18
2025-01-14 09:08:35 -03:00
Natalia
ad866a1ca3
[4.2.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.
...
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-01-14 09:08:01 -03:00
Natalia
b0d309c9eb
[4.2.x] Added stub release notes and release date for 4.2.18.
...
Backport of 53e21eebf2 from main.
2025-01-07 12:37:42 -03:00
Sarah Boyce
39cf3c63f3
[4.2.x] Cleaned up CVE-2024-53907 and CVE-2024-53908 security archive descriptions.
...
Backport of eb665e076c from main.
2024-12-04 17:03:55 +01:00
Sarah Boyce
0ff19d12e7
[4.2.x] Added CVE-2024-53907 and CVE-2024-53908 to security archive.
...
Backport of 595cb4a7ae from main.
2024-12-04 16:33:06 +01:00
Sarah Boyce
6c4fc7d620
[4.2.x] Post-release version bump.
2024-12-04 14:37:13 +01:00
Sarah Boyce
1f0356ff2a
[4.2.x] Bumped version for 4.2.17 release.
4.2.17
2024-12-04 14:34:11 +01:00
Simon Charette
7376bcbf50
[4.2.x] Fixed CVE-2024-53908 -- Prevented SQL injections in direct HasKeyLookup usage on Oracle.
...
Thanks Seokchan Yoon for the report, and Mariusz Felisiak and Sarah
Boyce for the reviews.
2024-12-04 14:32:17 +01:00
Sarah Boyce
790eb058b0
[4.2.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags().
...
Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart
for the reviews.
2024-12-04 14:32:08 +01:00
Mariusz Felisiak
f663277a4c
[4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to properly validate IPv6 and IPvFuture addresses.
...
Refs Python CVE-2024-11168. Django should not be affected, but others who
incorrectly use internal function _urlsplit() with unsanitized input
could be at risk.
https://github.com/python/cpython/pull/103849
2024-12-03 09:50:11 +01:00
Sarah Boyce
0acff0fd1f
[4.2.x] Added stub release notes and release date for 4.2.17.
...
Backport of 2544c15854 from main.
2024-11-27 15:48:50 +01:00
Mariusz Felisiak
b381b19854
[4.2.x] Fixed docs build on Sphinx 8.1+.
...
Sphinx 8.1 added :cve: role, so there is no need to define it in Django:
- https://github.com/sphinx-doc/sphinx/pull/11781
This also changes used URL to the one used by Python and soonish to be
used by Sphinx itself:
- https://github.com/sphinx-doc/sphinx/pull/13006
Backport of 263f731919 from main.
2024-11-26 10:09:37 -03:00
Tainara Palmeira
ea4a1fb61e
[4.2.x] Refs #35844 -- Expanded compatibility for expected error messages in command tests on Python 3.12.
...
Updated CommandTests.test_subparser_invalid_option and CommandDBOptionChoiceTests.test_invalid_choice_db_option to use assertRaisesRegex() for compatibility with modified error messages in Python 3.12, 3.13, and 3.14+.
Backport of fc22fdd34f from main.
2024-10-30 11:32:52 +01:00
nessita
345a6652e6
[4.2.x] Added GitHub Action workflow to test all Python versions listed in the project config file.
...
Backport of 470f4c2436 from main.
2024-10-09 14:33:48 -03:00