mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-13 06:09:17 +00:00
Code Issues 32 Releases Wiki Activity
30,135 Commits 29 Branches 451 Tags
Commit Graph

4104 Commits

Author SHA1 Message Date
Florian Apolloner
e1592e0f26 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:10:14 +01:00
Florian Apolloner
2a8ec7f546 [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Florian Apolloner
df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Carlton Gibson
c9ec72ea1b [4.0.x] Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
 2021-12-28 10:08:54 +01:00
Mariusz Felisiak
b5f60ef5a7 [4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4. 
psycopg2 2.8.4 is the first release to support Python 3.8.
Backport of ca04659b4b3f042c1bc7e557c25ed91e3c56c745 from main
 2021-12-22 20:33:49 +01:00
Brenton Partridge
b85ceaaba6 [4.0.x] Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64. 
Backport of 19fb838803f63eef0726a370050443b693f109be from main
 2021-12-21 13:36:08 +01:00
Simon Charette
7e6a2e3b45 [4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector. 
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.

This likely slipped under the radar for so long and only regressed in
b9df2b74b98b4d63933e8061d3cfc1f6f39eb747 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact value settings value was never going through a
case folding hoop.

Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.

Backport of 43289707809c814a70f0db38ca4f82f35f43dbfd from main
 2021-12-17 10:00:33 +01:00
Mariusz Felisiak
c1d2e8b9b8 [4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest. 
Regression in 3fd82a62415e748002435e7bad06b5017507777c.

Thanks Terence Honles for the report.
Backport of 40165eecc40f9e223702a41a0cb0958515bb1f82 from main
 2021-12-16 20:14:17 +01:00
Jeremy Lainé
3b03bce122 [4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans. 
Backport of 2f33217ea2cad688040dd6044cdda946c62e5b65 from main
 2021-12-14 08:46:16 +01:00
Baptiste Mispelon
15031852c5 [4.0.x] Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form". 
Thanks OutOfFocus4 for the report.

Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Backport of cb383753c0e0eb52306e1024d32a782549c27e61 from main.
 2021-12-08 21:13:00 +01:00
Nick Pope
b7f2afa8de [4.0.x] Improved release notes wording for template-based form rendering. 
Backport of dfdf1c68645627f54259dbe25f5b42329ee83b5d from main
 2021-12-07 13:35:03 +01:00
Mariusz Felisiak
81a90b5bc3 [4.0.x] Added stub release notes for 4.0.1. 
Backport of adef3d975e55c55b020c2f357d82c2db11e58450 from main
 2021-12-07 10:42:26 +01:00
Mariusz Felisiak
0f4fa0caee [4.0.x] Finalized release notes for Django 4.0. 
Backport of d7bd9eb6cda0aff4634cbb453622b24a98933463 from main
 2021-12-07 10:03:39 +01:00
Mariusz Felisiak
01c0fb9d19 [4.0.x] Updated asgiref dependency for 4.0 release series. 
Backport of 513441240f874dd0b6187c0c6aaa3e8eccd8ddbe from main
 2021-12-07 09:55:18 +01:00
Mariusz Felisiak
7f20e89453 [4.0.x] Added CVE-2021-44420 to security archive. 
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
 2021-12-07 08:53:48 +01:00
Florian Apolloner
20b9ad36ff [4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
 2021-12-07 06:29:34 +01:00
Mariusz Felisiak
2c20883cb0 [4.0.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL. 
This makes models.BinaryField pickleable on PostgreSQL.

Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d.

Thanks Adam Zimmerman for the report.

Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.
 2021-12-03 11:58:55 +01:00
Mariusz Felisiak
2fa95bfbd4 [4.0.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main
 2021-11-30 11:26:10 +01:00
Ryuji Tsutsui
5a61bdbb85 [4.0.x] Fixed typo in docs/releases/4.0.txt. 
Backport of b8c0b22f2f0f8ce664642332d6d872f300c662b4 from main
 2021-11-24 17:38:53 +01:00
jhisham
35c63c0513 [4.0.x] Added Malay language. 
Backport of 5e218cc0b704ebf64c460050a97b5fafe63e92b0 from main
 2021-11-18 22:05:27 +01:00
Mariusz Felisiak
b7b3bbc835 [4.0.x] Fixed #33253 -- Reverted "Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage." 
This reverts commit 91e21836f667c784a8a63ab1f18d81f553e679cb.

`export` and `import` directives have several syntax variants and not
all of them were properly covered.

Thanks Hervé Le Roy for the report.
Backport of ba9ced3e9a643a05bc521f0a2e6d02e3569de374 from main
 2021-11-05 12:11:59 +01:00
Carlton Gibson
3151daaa6c [4.0.x] Refs #33263 -- Expanded release notes for DeleteView adopting FormMixin. 
Backport of 2c01ebb4be5d53cbf6450f356c10e436025d6d07 from main
 2021-11-05 10:27:40 +01:00
Mariusz Felisiak
6fc689a22d [4.0.x] Corrected multiply defined labels in docs. 
Backport of 60503cc747eeda7c61bab02b71f8f55a733a6eea from main
 2021-11-04 10:46:30 +01:00
Mariusz Felisiak
b4ad6e32ca [4.0.x] Added stub release notes for Django 3.2.10. 
Backport of d811fa1d1012e746719aa3af351f56ad21f92610 from main
 2021-11-01 10:42:21 +01:00
Mariusz Felisiak
a98bbcc2bb [4.0.x] Added release date for 3.2.9. 
Backport of 7ec603ba259083298c9598a41987b4c4f2a5d134 from main
 2021-11-01 10:19:32 +01:00
David Smith
6aa917383f [4.0.x] Refs #32956 -- Changed docs to treat the acronym HTTP phonetically. 
Backport of 69b0736fad1d1f0197409ca025b7bcdf5666ae62 from main
 2021-10-19 06:33:00 +02:00
Hannes Ljungberg
00aa3e0b9b [4.0.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes/unique constraints on SQLite. 
This adjusts Expressions.rename_table_references() to only update alias
when needed.

Regression in 83fcfc9ec8610540948815e127101f1206562ead.

Co-authored-by: Simon Charette <charettes@users.noreply.github.com>

Backport of 86971c40909430a798e4e55b140004c4b1fb02ff from main
 2021-10-18 09:36:21 +02:00
Mariusz Felisiak
ab07cb4b54 [4.0.x] Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x. 
Backport of 604df4e0adc71da264f61fe85020a170c98e6f09 from main.
 2021-10-05 13:31:57 +02:00
Carlton Gibson
263a4bab37 [4.0.x] Added stub release notes for Django 3.2.9. 
Backport of c113f7fb0dae0dfd066d05acd1032c9f57a5aaf9 from main
 2021-10-05 09:39:48 +02:00
Carlton Gibson
6a852b937c [4.0.x] Added release date for 3.2.7. 
Backport of c5776bfca9e3f35e0ab5aacbdc1a4dbfe92fdfd1 from main
 2021-10-05 09:08:29 +02:00
David Wobrock
aab76433ed [4.0.x] Fixed #33141 -- Renamed Expression.empty_aggregate_value to empty_result_set_value. 
Backport of ad36a198a12df4dff65992191b3eb0a474e2daac from main
 2021-09-29 20:52:59 +02:00
Jero Bado
1350187f8e [4.0.x] Fixed typo in 4.0 release notes. 
Backport of 3f2170f720fe1e2b1030887684c18dc2fc20116b from main
 2021-09-22 15:17:40 +02:00
Carlton Gibson
8467c4ed3e [4.0.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom. 
Thanks Benjamin Locher for the report.

Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b.
Backport of b0ed619303d2fb723330ca9efa3acf23d49f1d19 from main
 2021-09-21 19:59:09 +02:00
Mariusz Felisiak
32f052be0a Made cosmetic edits to docs/releases/4.0.txt. 2021-09-20 20:50:07 +02:00
Mariusz Felisiak
01042c46f0 Removed empty sections from 4.0 release notes. 2021-09-20 20:07:23 +02:00
David Smith
456466d932 Fixed #31026 -- Switched form rendering to template engine. 
Thanks Carlton Gibson, Keryn Knight, Mariusz Felisiak, and Nick Pope
for reviews.

Co-authored-by: Johannes Hoppe <info@johanneshoppe.com>
 2021-09-20 15:50:18 +02:00
Mariusz Felisiak
ef4ef3b8f5
Fixed #32504 -- Updated admin's jQuery to 3.6.0. 2021-09-20 06:54:35 +02:00
Ken Whitesell
0a9aa02e6f Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site. 2021-09-18 12:27:28 +02:00
Nikita Marchant
4e4082f939 Fixed #32492 -- Added TrigramWordSimilarity() and TrigramWordDistance() on PostgreSQL. 2021-09-17 13:05:15 +02:00
Giannis Adamopoulos
4555aa0a48 Fixed #27674 -- Deprecated GeoModelAdmin and OSMGeoAdmin. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-09-17 08:56:16 +02:00
Carlton Gibson
306607d5b9 Fixed #32365 -- Made zoneinfo the default timezone implementation. 
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick
Pope, and Paul Ganssle for reviews.
 2021-09-16 12:11:05 +02:00
Daniyal
ec212c6616 Fixed #33012 -- Added Redis cache backend. 
Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight,
Mariusz Felisiak, and Nick Pope for reviews and mentoring this
Google Summer of Code 2021 project.
 2021-09-14 15:50:08 +02:00
Claude Paroz
676bd084f2 Fixed #32873 -- Deprecated settings.USE_L10N. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-09-14 12:05:43 +02:00
Siburg
46c8df640c Fixed #32219 -- Made InlineModelAdmin.verbose_name_plural fallback to its verbose_name. 2021-09-08 13:20:13 +02:00
Mariusz Felisiak
4a43335d30
Fixed #30086, Refs #32873 -- Made floatformat template filter independent of USE_L10N. 2021-09-08 08:37:27 +02:00
Andrew-Chen-Wang
301a85a12f Fixed #32076 -- Added async methods to BaseCache. 
This also makes DummyCache async-compatible.
 2021-09-07 20:14:25 +02:00
sage
84c7c4a477 Fixed #32309 -- Added --exclude option to startapp/startproject management commands. 2021-09-01 12:08:02 +02:00
Mariusz Felisiak
af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Mariusz Felisiak
f3a0dc5b2a Added release date for 3.2.7. 2021-09-01 07:40:01 +02:00
Jan Szoja
b667ac24ea Fixed #25264 -- Allowed suppressing base command options in --help output. 
This also suppresses -verbosity and --trackback options in the
runserver's help.
 2021-08-31 11:04:02 +02:00