mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-02-28 19:44:35 +00:00
Code Issues 32 Releases Wiki Activity
31,726 Commits 29 Branches 434 Tags
Commit Graph

31726 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Charette
f4af67b9b4 [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 
Thanks Eyal (eyalgabay) for the report.
 2024-07-31 16:12:35 +02:00
Mariusz Felisiak
efea1ef7e2 [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-31 16:12:23 +02:00
Sarah Boyce
d0a82e26a7 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thanks to MProgrammer for the report.
 2024-07-31 16:12:11 +02:00
Sarah Boyce
fc76660f58 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. 
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
 2024-07-31 16:11:59 +02:00
Sarah Boyce
7b1a76f899 [4.2.x] Added stub release notes and release date for 4.2.15. 
Backport of 3f880890699d4412cf23b59dba425111f62afb3a from main.
 2024-07-31 11:29:30 +02:00
Lorenzo Peña
96a3497400 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant(). 
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.

Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
 2024-07-25 09:44:51 +02:00
Mariusz Felisiak
c5d196a652 [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8. 2024-07-11 11:10:15 +02:00
Natalia
8e59e33400 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive. 
Backport of e095c7612d49dbe371e9c7edd76ba99b6bc4f9f6 from main.
 2024-07-09 12:00:22 -03:00
Natalia
72f6c7d3a6 [4.2.x] Post-release version bump. 2024-07-09 11:08:49 -03:00
Natalia
98cf264c9c [4.2.x] Bumped version for 4.2.14 release. 4.2.14 2024-07-09 10:53:02 -03:00
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant(). 
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
 2024-07-09 10:40:50 -03:00
Natalia
2b00edc015 [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method. 
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
 2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords. 
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
 2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00
Natalia
d26c8838d0 [4.2.x]Post-release version bump. 2024-05-07 14:44:42 -03:00
Sarah Boyce
3bf46e2e02 [4.2.x] Bumped version for 4.2.13 release. 4.2.13 2024-05-07 17:37:03 +02:00
Sarah Boyce
b46b94e66c [4.2.x] Added release notes for 4.2.13. 
Backport of 90175e110e7cfcf07f4ccdaadc45d7ed6302ce00 from main.
 2024-05-07 17:35:16 +02:00
Natalia
1536833e93 [4.2.x] Post-release version bump. 2024-05-06 14:36:28 -03:00
Sarah Boyce
6193c720b5 [4.2.x] Bumped version for 4.2.12 release. 4.2.12 2024-05-06 17:24:48 +02:00
Sarah Boyce
3f9c8fc1f9 [4.2.x] Added release date for 4.2.12. 
Backport of 34a503162fe222033a1cd3249bccad014fcd1d20 from main.
 2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin." 
This reverts commit 0fc832676cd585fa420d583937b5b2318bc2c629.
 2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin. 
Backport of bdd76c4c3817d8e3ed5b0450d5e18e4eae096f16 from main.
 2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12. 
Backport of cd823778e66307b82469858cfd8d1aa75613b49a from main.
 2024-04-12 15:07:36 +02:00
Natalia
27c32cc991 [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8. 
Backport of 42435fc55cbf7c04c1389ee46cc50e2565b40e37 from main.
 2024-04-10 18:29:33 +02:00
Mariusz Felisiak
0d3ddcaf2c [4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on Python 3.13. 
Payloads with surrogates are passed to the set_payload() since
f97f25ef5d

Backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8 from main.
 2024-04-10 18:18:52 +02:00
Mariusz Felisiak
a76c52b19a [4.2.x] Added CVE-2024-27351 to security archive. 
Backport of da39ae4b5f056a332b5c48402a2ae11767e7d577 from main
 2024-03-04 10:12:58 +01:00
Mariusz Felisiak
721c566859 [4.2.x] Post-release version bump. 2024-03-04 08:47:11 +01:00
Mariusz Felisiak
61a986f53d [4.2.x] Bumped version for 4.2.11 release. 4.2.11 2024-03-04 08:43:32 +01:00
Shai Berger
3c9a2771cc [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words(). 
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139 [4.2.x] Added release date for 4.2.11 and 3.2.25. 
Backport of 977d25416954a72ad100b01762078bf1ceb89a63 from main
 2024-02-26 08:29:04 +01:00
Daniel Garcia Moreno
86d8034972 [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.2+. 
Python 3.12.2 bring back the skipped tests in the number of running
tests. Refs
0a737639dc

Backport of bc8471f0aac8f0c215b9471b594d159783bac19b from main
 2024-02-10 17:08:48 +01:00
Mariusz Felisiak
cb173bb088 [4.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
 2024-02-08 11:00:36 +01:00
Natalia
227ef29cff [4.2.x] Added CVE-2024-24680 to security archive. 
Backport of c650c1412d1933e339cc93f9b6745c3eedb1c25b from main
 2024-02-06 12:16:50 -03:00
Natalia
e2f1907642 [4.2.x] Post release version bump. 2024-02-06 10:04:22 -03:00
Natalia
a684d73fc9 [4.2.x] Bumped version for 4.2.10 release. 4.2.10 2024-02-06 09:57:24 -03:00
Adam Johnson
572ea07e84 [4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
 2024-02-06 09:56:20 -03:00
nessita
9fe7411235
[4.2.x] Pinned black == 23.12.1 for blacken-docs checks. 2024-01-30 05:47:27 +01:00
nessita
71dd587da9
[4.2.x] Pinned black == 23.12.1 in GitHub actions, pre-commit and test requirements. 2024-01-29 12:53:06 -03:00
Natalia
74582b8d11 [4.2.x] Added stub release notes for 4.2.10 and 3.2.24. 
Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
 2024-01-29 12:09:52 -03:00
Mariusz Felisiak
4198a5cb2d [4.2.x] Post-release version bump. 2024-01-02 10:11:39 +01:00
Mariusz Felisiak
f339c4c8e4 [4.2.x] Bumped version for 4.2.9 release. 4.2.9 2024-01-02 10:10:11 +01:00
Mariusz Felisiak
0a4c5e56b4 [4.2.x] Added release date for 4.2.9. 
Backport of f82a2c3b3d553f36661cfdce5261bffb669d68a9 from main.
 2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813 [4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line. 
Thanks James Gillard for the report.

Regression in 729266c6f29c7a0677b24926a86a767ef3078b26.

Backport of 4aae864463b149393a36e0b18345cf6ed392634d from main
 2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb [4.2.x] Added stub release notes for 4.2.9. 
Backport of 464af0975cac6abc46b3e5c3305194c958fc465b from main
 2023-12-05 06:12:20 +01:00
Mariusz Felisiak
a315e82f31 [4.2.x] Post-release version bump. 2023-12-04 09:29:47 +01:00
Mariusz Felisiak
dff965798e [4.2.x] Bumped version for 4.2.8 release. 4.2.8 2023-12-04 09:26:51 +01:00
Mariusz Felisiak
52e28e5fbf [4.2.x] Added release date for 4.2.8. 
Backport of 8fcb9f1f106cf60d953d88aeaa412cc625c60029 from main
 2023-12-04 09:25:56 +01:00
Mariusz Felisiak
6e2d9f0aa8 [4.2.x] Fixed #35006 -- Fixed migrations crash when altering Meta.db_table_comment on SQLite. 
Thanks Юрий for the report.

Regression in 78f163a4fb3937aca2e71786fbdd51a0ef39629e.
Backport of 37fc832a54ad37e75a898a2c8f9ab0820617c4af from main
 2023-11-30 10:11:28 +01:00
Adam Johnson
5b698cbcf1 [4.2.x] Removed link to lawrence.com in contrib.sites docs. 
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac5890147a8271eb5eb19bb88ab93dadc6c6d from main
 2023-11-28 20:12:09 +01:00