mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-09 14:59:24 +00:00
Code Issues 32 Releases Wiki Activity
33,529 Commits 30 Branches 459 Tags
Commit Graph

33529 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sarah Boyce
ed8fc39d77 [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract(). 
Thanks stackered for the report.

Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23.

Backport of 924a0c092e65fa2d0953fd1855d2dc8786d94de2 from main.
 2025-10-01 08:25:20 -04:00
Mariusz Felisiak
52fbae0a4d [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. 
Thanks sw0rd1ight for the report.

Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.

Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.
 2025-10-01 08:24:18 -04:00
Jacob Walls
1794cbf961 [5.2.x] Made cosmetic edits to 5.2.7 release notes. 
Backport of 6c82b0bc91fc650891b0b411ac4a5a86cf0cf3e8 from main.
 2025-09-30 16:34:43 -04:00
okaybro
81625a141e [5.2.x] Fixed #36587 -- Clarified usage of list.insert() for upload handlers. 
Thanks Baptiste Mispelon for the report

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of afe6634146d0fe70498976c49d2eb4d745aa9064 from main.
 2025-09-29 14:51:44 +02:00
Samriddha9619
6f3813e4b6 [5.2.x] Fixed #35877, Refs #36128 -- Documented unique constraint when migrating a m2m field to use a through model. 
Backport of daba609a9bdc7a97bcf327c7ba0a5f7b3540b46e from main.
 2025-09-29 09:00:19 +02:00
Mariusz Felisiak
10a2d3b837 [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. 
Backport of 00174507f8a91e9577ae233c58af561b379f2695 from main.
 2025-09-24 11:41:04 -04:00
Jacob Walls
b2773a39a3 [5.2.x] Refs #25508 -- Used QuerySet.__repr__ in docs/ref/contrib/postgres/search.txt. 
Backport of efb96138b4af774c22ae6e949410b45d69960357 from main.
 2025-09-23 10:09:18 -04:00
CodingWithSaksham
7554c54e5f [5.2.x] Fixed #36581 -- Updated serialization examples from XML to JSON. 
Backport of 762d3be8c559b0abf415be8d6117f04fb6347983 from main.
 2025-09-18 15:47:20 +02:00
Natalia
2a2936c3e6 [5.2.x] Updated translations from Transifex. 2025-09-18 09:50:46 -03:00
David Smith
5484d1f2b0 [5.2.x] Fixed OGRInspectTest.test_time_field with memory Spatialite database. 
Backport of 82b3b84a78055844ee07d5d97843a4fc72872e28 from main.
 2025-09-18 09:35:32 -03:00
antoliny0919
d8e9dec1ad [5.2.x] Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget chosen labels in TabularInlines. 
Regression in a0f50c2a483678d31bd1ad6f08fd3a0b8399e27b.

Backport of 1e7728888dbbff437ad9847c82b84feb81f785df from main.
 2025-09-17 10:01:37 +02:00
Jacob Walls
1dbf415a18 [5.2.x] Fixed typo in docs/ref/contrib/contenttypes.txt. 
Backport of c48904a225e2e8f02274257247d5b7d29c5fe183 from main.
 2025-09-13 11:29:40 -04:00
Mridul Dhall
b8df1eb7c2 [5.2.x] Fixed #36597 -- Corrected directives for functions from email module in docs. 
Thanks Mike Edmunds for the report.

Backport of e183d6c26c8da4486c151f9ce973828e2404a796 from main.
 2025-09-12 18:59:58 +02:00
Salman
adc80dd81e [5.2.x] Fixed #36486 -- Added MongoDB to list of third-party DB backends. 
Backport of 46fdeb1373aa7e9089d14440987444493cc9c2e0 from main
 2025-09-09 08:24:11 +02:00
Jake Howard
fbced43cf8 [5.2.x] Refs #36588 -- Warned about using external templates in startapp/startproject commands. 
Clarified that custom templates provided via `--template` for `starapp`
and `startproject` are used as-is, adding a warning that malicious or
poorly constructed templates may introduce security issues.

Backport of 4e7a991c12a113229e0927974d3bf94ea04eecf6 from main.
 2025-09-04 13:38:31 -03:00
Mariusz Felisiak
e2d83a2076 [5.2.x] Added missing backticks in docs/releases/security.txt. 
Backport of 686a8a62ae7faba9c3b17080c3532b821e8cb1f3 from main
 2025-09-04 11:10:33 +02:00
Sarah Boyce
18c6bc5db2 [5.2.x] Added CVE-2025-57833 to security archive. 
Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main.
 2025-09-03 15:28:27 +02:00
Sarah Boyce
db13f7fbcb [5.2.x] Added stub release notes for 5.2.7. 
Backport of ab7c7dd99b3ddc489d9f007b273d891973212aa3 from main.
 2025-09-03 15:22:02 +02:00
Sarah Boyce
90a9ba1aec [5.2.x] Post-release version bump. 2025-09-03 13:29:20 +02:00
Sarah Boyce
75c4403f07 [5.2.x] Bumped version for 5.2.6 release. 5.2.6 2025-09-03 13:17:48 +02:00
Jake Howard
4c044fcc86 [5.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in column aliases. 
Thanks Eyal Gabay (EyalSec) for the report.

Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main.
 2025-09-03 13:15:55 +02:00
Sarah Boyce
e87ca3d6fa [5.2.x] Made cosmetic edits to 5.2.6 release notes. 
Backport of d044e25dc2106b94ebdedf0bfde9238be1a3765c from main.
 2025-09-03 12:19:46 +02:00
Clifford Gama
ebec2c9323 [5.2.x] Removed unused import in docs/ref/models/expressions.txt example. 
Backport of 21603c5b50cda80610496248810bb6391f08b648 from main
 2025-08-31 08:16:09 +02:00
SaJH
ace59cb83b [5.2.x] Fixed #36431 -- Returned tuples for multi-column ForeignObject in values()/values_list(). 
Thanks Jacob Walls and Simon Charette for tests.

Signed-off-by: SaJH <wogur981208@gmail.com>

Backport of bb7a7701b1a0e8fffe14dcebf5d5bac7f176c02a from main
 2025-08-29 15:36:09 -04:00
Mustafa Pirbhai
16a12a9799 [5.2.x] Fixed #35831 -- Documented the model form meta API in model form reference docs. 
Co-authored-by: Jonathan <3218047+jernwerber@users.noreply.github.com>
Co-authored-by: Mustafa <117516335+mspirbhai@users.noreply.github.com>

Backport of 183fcebf88aa0762a2e28477f9b24c34341a75f4 from main.
 2025-08-29 09:00:37 +02:00
Sarah Boyce
51753bc809 [5.2.x] Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. 
Backport of 4c71e334401a3e83c013419d0e2211543e7e873b from main.
 2025-08-27 16:07:46 +02:00
Jacob Walls
a486455125 [5.2.x] Corrected definition of "needsinfo" triage stage in contributing guide. 
Backport of 66082a7dac7ad357446168d09e6ca3b305f1faf0 from main
 2025-08-27 09:22:26 -04:00
Jacob Walls
f8e572e843 [5.2.x] Removed reference to flake8 file exclusions. 
Obsolete since 41384812efe209c8295a50d78b45e0ffb2992436.
(six was removed in 9285926295fbfc86b70e7be8d595d4cfbe7895b8.)
Backport of 165ad74c578f94f962624a40dff14e1b2e23a1f8 from main
 2025-08-23 20:06:54 +02:00
Mariusz Felisiak
9c9ed6fd7a [5.2.x] Refs #35530 -- Corrected deprecation message in auth.alogin(). 
Follow up to ceecd518b19044181a3598c55ebed7c2545963cc.

Backport of b3166e1e15824aedb7a609dfda18ef36ea023d06 from main.
 2025-08-22 16:15:42 +02:00
Mariusz Felisiak
98972b53aa [5.2.x] Corrected release notes of calling format_html() without arguments. 
Backport of bcddf641ae705209c01a4b18a9384aa91fdc94e1 from main
 2025-08-20 07:35:30 +02:00
mengxun
38844c348b [5.2.x] Fixed spelling of "logged-in" when used as an adjective in docs. 
Backport of f5c944b3141c58bb4a5c7bbca61180b2ad7c13aa from main.
 2025-08-19 12:43:52 -03:00
Natalia
9a720d5c50 [5.2.x] Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior. 
Python fixed a quadratic complexity processing for HTMLParser in:
https://github.com/python/cpython/commit/6eb6c5db.

Backport of 2980627502c84a9fd09272e1349dc574a2ff1fb1 from main.
 2025-08-13 17:48:37 -03:00
Natalia
74fafe2715 [5.2.x] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors following Python's HTMLParser fixed parsing. 
Further details about Python changes can be found in:
0243f97cba.

Refs #36499. Thank you Clifford Gama for the thorough review!

Backport of e4515dad7a6d953c0bd2414127ba36e1446ff41a from main.
 2025-08-13 17:48:37 -03:00
Jacob Walls
a4e27c0c6b [5.2.x] Refs #34378, #36143, #36416 -- Fixed isolation of LookupTests.test_in_bulk_preserve_ordering_with_batch_size(). 
`max_query_params` is a property, so it must be patched on the class.

Backport of a68e8565cdd4fc3f8b738fc516095dab142b9d65 from main.
 2025-08-13 15:30:34 -03:00
David Sanders
4926591343 [5.2.x] Aligned format of constraint examples in docs/ref/models/constraints.txt. 
Backport of fda3c1712a1eb7b20dfc91e6c9abae32bd64d081 from main.
 2025-08-13 09:16:06 +02:00
Rohit
1d9f6c3270 [5.2.x] Corrected code examples in topics docs. 
Backport of fa804d0d14ef4547b4fe2a88ab5d89d4eed5bacd from main.
 2025-08-11 10:14:43 +02:00
Sarah Boyce
ad836aa0c5 [5.2.x] Added stub release notes for 5.2.6. 
Backport of 0bff53b4138d8c6009e9040dbb8916a1271a68d7 from main.
 2025-08-06 10:36:46 +02:00
Sarah Boyce
a7546c4773 [5.2.x] Post-release version bump. 2025-08-06 10:35:14 +02:00
Sarah Boyce
a3b1107a49 [5.2.x] Bumped version for 5.2.5 release. 5.2.5 2025-08-06 10:04:41 +02:00
Sarah Boyce
0489f54e8b [5.2.x] Added release date for 5.2.5. 
Backport of 8999b0e2bf62ffa1ea19995508712ed8eda2cc14 from main.
 2025-08-06 09:59:50 +02:00
David Smith
a9c7d4b703 [5.2.x] Refs #36485 -- Grouped docs checks under a unified make check target. 
Added a new 'check' rule to the docs Makefile which runs both the black
and spelling checks.

Backport of 7f9bf357feac06bb34017e1f6c7a7730b1991ede from main.
 2025-08-05 12:20:13 -03:00
David Smith
5ad6d43cd9 [5.2.x] Refs #34140 -- Added dedicated code block formatting section in docs/internals/contributing/writing-documentation.txt. 
Backport of cba73281966c816824c9bfa028a1bf44e188ded2 from main.
 2025-08-05 12:20:04 -03:00
jkhall81
bdc3f9e350 [5.2.x] Fixed #36530 -- Extended fields.E347 to check for ManyToManyField involving CompositePrimaryKey on either side. 
Thanks to Jacob Walls for the report.

Backport of 2013092b693be0ebdf36f41dc61615a2de1bbe31 from main.
 2025-08-05 08:46:56 -03:00
Natalia
f01ceae477 [5.2.x] Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22. 
Regression in 65ab92f6a83644bbb555d0eff3a02d8d9301aba4.

Backport of 9cec8d9f55d90fbc162fde23d6ea7a34e322fcae from main.
 2025-08-04 21:53:33 -03:00
Adam Zapletal
5ca58ce3d0 [5.2.x] Corrected assertNumQueries() example in docs/topics/testing/tools.txt. 
Backport of dca8284a376128c64bd0e0792ad12391ae3e7202 from main.
 2025-08-04 15:08:53 +02:00
Simon Charette
b3bb7230e1 [5.2.x] Fixed #34871, #36518 -- Implemented unresolved lookups expression replacement. 
This allows the proper resolving of lookups when performing constraint
validation involving Q and Case objects.

Thanks Andrew Roberts for the report and Sarah for the tests and review.

Backport of 079d31e698fa08dd92e2bc4f3fe9b4817a214419 from main.
 2025-08-04 09:42:32 +02:00
Simon Charette
e5ccb69bc3 [5.2.x] Fixed #36198 -- Implemented unresolved transform expression replacement. 
This allows the proper resolving of F("field__transform") when
performing constraint validation.

Thanks Tom Hall for the report and Sarah for the test.

Prerequisite for #36518.

Backport of fc303551077c3e023fe4f9d01fc1b3026c816fa4 from main.
 2025-08-04 09:41:29 +02:00
Mariusz Felisiak
5aefd005fc [5.2.x] Fixed writer_name deprecation warning in docutils 0.22+. 
Backport of 65ab92f6a83644bbb555d0eff3a02d8d9301aba4 from main.
 2025-07-29 21:50:54 -03:00
Simon Charette
3031c512f0 [5.2.x] Fixed #36522 -- Added support for filtering composite pks using a tuple of expressions. 
Thanks Jacob Walls for the report, and Sarah Boyce and Mariusz Felisiak
for reviews.

Backport of 0a4999b422702c64e21f5a10a4d60300b7074401 from main.
 2025-07-28 16:40:08 -03:00
Jordan Bae
28f33f50b2 [5.2.x] Moved manual testing instructions from intro to submitting patches docs. 
The section on manual testing, including how to use a local checkout of
Django, is moved from the contribution intro to the submitting patches
docs. This makes it easier for reviewers and authors to follow best
practices.

Backport of fdeca380724d523330db9d816c4cda50cda320fd from main.
 2025-07-28 09:02:15 -03:00