Regression introduced in 513948735b799239f3ef8c89397592445e1a0cd5
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.
In retrospective the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.
The main branch is not affected because the raw SQL column reference
support has been removed in 06eec3197009b88e3a633128bbcbd76eea0b46ff
per the 4.0 deprecation life cycle.
Thanks Joel Saunders for the report.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
The validate_file_name() sanitation introduced in
0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path
components for storages that may allow them.
Test is skipped pending a discussed storage refactoring to support this
use-case.
Backport of a708f39ce67af174df90c5b5e50ad1976cec7cb8 from main
Thanks Kazantcev Andrey for the report.
Regression in f48f671223a20b161ca819cf7d6298e43b8ba5fe.
Backport of f131841c601b9d4884adcdb284b4213c2ad89231 from master
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
Thanks Adam Hooper for the report.
Regression in c574bec0929cd2527268c96a492d25223a9fd576.
Backport of e13b71403bd1568abed237858127677144d43d23 from master
Regression in 6789ded0a6ab797f0dcdfa6ad5d1cfa46e23abcd.
Thanks Juan Garcia Alvite for the report.
Backport of f5e5aac59ebbcea46b98d37834915de0f43d7cc8 from master
Thanks Gordon Wrigley for the report.
Regression in df32fd42b84cc6dbba173201f244491b0d154a63.
Backport of fe9c7ded2996364f853c524b4421274717d89d5f from master
"format string with unnamed arguments cannot be properly localized"
warning is not raised in xgettext 0.21+.
This patch uses a message that causes an xgettext warning regardless of
the version.
Backport of 07a30f561661efae1691ff45d10ec6014b395b58 from master
Regression in 42c08ee46539ef44f8658ebb1cbefb408e0d03fe.
Thanks Simon Charette for the review.
Backport of 4ac2d4fa42e1659f328c35b6b8d4761b3419c11a from master
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
Backport of 34180922380cf41cd684f846ecf00f92eb289bcf from master
Regression in 4ca5c565f4dc9e97845036e86416abc5cfde766c and
ab3cbd8b9a315911248227208630a020cedca08f.
Thanks Vitaliy Yelnik for the report.
Backport of 3b1746d5194778fab15c15dd14c212e0912ec8f3 from master
Regression in 6789ded0a6ab797f0dcdfa6ad5d1cfa46e23abcd.
Thanks Simon Charette and Igor Jerosimić for the report.
Backport of bbd55e58639c33b4c5adff5f41b78deffc915c11 from master
Regression in 6789ded0a6ab797f0dcdfa6ad5d1cfa46e23abcd and
1251772cb83aa4106f526fe00738e51c0eb59122.
Thanks Simon Charette and Igor Jerosimić for the report.
Backport of 7e1e198494d4fc72cf6e153f9d24fe2493c17dc1 from master
Regression in 6789ded0a6ab797f0dcdfa6ad5d1cfa46e23abcd.
Thanks Igor Jerosimić for the report.
Backport of 1f31027bb3ad460864fbcbbb89eeb328c0a2f184 from master
Thanks Gordon Wrigley for the report.
Regression in 8a6df55f2dd5131282084a4edfd48f63fbf8c69a.
Backport of eaf9764d3bb25970da89de5799d8d308715628ba from master
Regression in 0ddb4ebf7bfcc4730c80a772dd146a49ef6895f6.
Thanks Julien Dutriaux for the report.
Backport of e11d05e0b488a3ff2b3c9d8f2e1e50f471750d6e from master
