1
0
mirror of https://github.com/django/django.git synced 2025-07-11 13:19:13 +00:00

4256 Commits

Author SHA1 Message Date
Mariusz Felisiak
7d59c6d37c [4.1.x] Refs CVE-2022-34265 -- Unified DatabaseOperations._convert_*_to_tz() hook names.
Backport of 5e2f4ddf2940704a26a4ac782b851989668d74db from main
2022-07-09 13:03:19 +02:00
Simon Charette
585ed2f6d7 [4.1.x] Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 877c800f255ccaa7abde1fb944de45d1616f5cc9 from main
2022-07-06 09:10:41 +02:00
Mariusz Felisiak
ee79219f1b [4.1.x] Added CVE-2022-34265 to security archive.
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04 10:33:26 +02:00
Mariusz Felisiak
38c2bdba35 [4.1.x] Added stub release notes for 4.0.7.
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:33:18 +02:00
Mariusz Felisiak
284b188a41 [4.1.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:26:02 +02:00
Mariusz Felisiak
6c0ee61797 [4.1.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.

Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main
2022-06-27 07:44:27 +02:00
Mariusz Felisiak
d783ce3d8d [4.1.x] Added stub release notes and release date for 4.0.6 and 3.2.14.
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-27 07:16:51 +02:00
Mariusz Felisiak
91b365ef67 [4.1.x] Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0.
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd.
Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
2022-06-21 09:10:43 +02:00
Carlton Gibson
0fb02522f9 [4.1.x] Updated asgiref dependency for 4.1 release series.
Backport of 2a2bde52f31e09e95ce616e8e6bc0ffeb68f76c9 from main
2022-06-16 12:17:15 +02:00
Carlton Gibson
0fb0355271 [4.1.x] Added stub release notes for 4.0.6.
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01 14:40:30 +02:00
Carlton Gibson
b73abed2ea [4.1.x] Updated release date for Django 4.0.5.
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
2022-06-01 12:26:21 +02:00
Mariusz Felisiak
3d4bab28de [4.1.x] Fixed #33724 -- Doc'd exclude argument changes in model validation.
Thanks אורי for the report.

Follow up to 1ea7e3157d1f9b4db71e768d75ea57e47dbd49f9.
Backport of 90aabd730a2a434c227faf8a927b0e2ccd67e291 from main
2022-05-24 10:03:19 +02:00
Sankalp
170793f0b0 [4.1.x] Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable.
Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7.

Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8.

Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main
2022-05-21 14:36:02 +02:00
David Wobrock
820b4e565a [4.1.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.

Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-19 07:52:44 +02:00
Carlton Gibson
d6e3756946 Removed empty sections from 4.1 release notes. 2022-05-17 11:21:08 +02:00
David Smith
d126eba363 Refs #32339 -- Deprecated default.html form template.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-05-17 11:16:54 +02:00
Alokik Vijay
6af8673255 Update docs/releases/4.1.txt
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-05-17 10:50:09 +02:00
Alokik Vijay
7f3cfaa12b Fixed #32565 -- Moved internal URLResolver view-strings mapping to admindocs.
Moved the functionality of URLResolver._is_callback(),
URLResolver._callback_strs, URLPattern.lookup_str() to
django.contrib.admindocs.
2022-05-17 10:50:09 +02:00
David Wobrock
97f124f39e Refs #27064 -- Made migrations generate RenameIndex operations when moving indexes from index_together to Meta.indexes. 2022-05-17 07:21:36 +02:00
David Wobrock
c6cec3c2d2 Refs #27064 -- Made migrations generate RenameIndex operations when renaming Meta.indexes. 2022-05-16 17:46:24 +02:00
Marcelo Galigniana
76af861356 Fixed #27550 -- Allowed GEOSGeometry.normalize() to return a normalized clone. 2022-05-16 06:46:53 +02:00
Mariusz Felisiak
d27e6b233f
Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.
Thanks Ben Picolo for the report.
2022-05-16 06:17:40 +02:00
David Wobrock
eacd4977f6 Refs #27064 -- Added RenameIndex migration operation. 2022-05-12 20:44:03 +02:00
Kapil Bansal
3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields.
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
2022-05-12 14:16:52 +02:00
Mariusz Felisiak
68da6b389c
Fixed #33543 -- Deprecated passing nulls_first/nulls_last=False to OrderBy and Expression.asc()/desc().
Thanks Allen Jonathan David for the initial patch.
2022-05-12 11:30:03 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
Marc Seguí Coll
262fde94de Fixed #33622 -- Allowed customizing error messages for invalid number of forms.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-05-10 13:42:31 +02:00
Gagaro
667105877e Fixed #30581 -- Added support for Meta.constraints validation.
Thanks Simon Charette, Keryn Knight, and Mariusz Felisiak for reviews.
2022-05-10 11:22:23 +02:00
David Smith
ec5659382a Fixed #32339 -- Added div.html form template. 2022-05-05 14:32:43 +02:00
Mariusz Felisiak
37470bbd90
Fixed #33675 -- Dropped support for PostgreSQL 10 and PostGIS 2.4. 2022-05-04 06:28:51 +02:00
Carlton Gibson
c5fd5e3cc3 Updated release date for Django 4.0.5. 2022-05-03 09:18:42 +02:00
David
ce586ed693 Removed hyphen from pre-/re- prefixes.
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
David
33e89de8ca Changed "stdlib" to "Standard Library" in docs/releases/1.9.txt. 2022-04-28 10:44:14 +02:00
David
51874dd160 Added backticks to code literals in various docs. 2022-04-28 10:44:14 +02:00
David
15b888bb83 Changed "refactorings" to "refactoring" in docs/releases/1.0.txt. 2022-04-28 10:44:09 +02:00
David
1c2bf80acb Changed "ie." to "i.e." in docs. 2022-04-28 10:37:06 +02:00
Carlton Gibson
476d4d5087 Refs #32339 -- Allowed renderer to specify default form and formset templates.
Co-authored-by: David Smith <smithdc@gmail.com>
2022-04-27 10:21:04 +02:00
Andrew Godwin
58b27e0dbb Fixed #33646 -- Added async-compatible interface to QuerySet.
Thanks Simon Charette for reviews.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-04-26 20:25:23 +02:00
Mariusz Felisiak
eeb0bb6379
Refs #27674 --- Deprecated django.contrib.gis.admin.OpenLayersWidget. 2022-04-22 11:36:27 +02:00
Aymeric Augustin
12576bd371 Refactored out RedirectURLMixin.get_redirect_url().
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.

This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
2022-04-20 10:04:29 +02:00
Carlton Gibson
bf7c51a5f4 Fixed #33639 -- Enabled cached template loader in development. 2022-04-19 12:13:27 +02:00
Carlton Gibson
deedf5bbc3 Refs #31169 -- Added release note for parallel test running changes. 2022-04-14 12:38:31 +02:00
Florian Apolloner
2eea361eff Fixed #30511 -- Used identity columns instead of serials on PostgreSQL. 2022-04-13 21:51:51 +02:00
Mariusz Felisiak
b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78eeff8d33 Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11 10:32:22 +02:00
Mariusz Felisiak
6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos
62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9e88c40fc00d848799813241be39129.
2022-04-11 07:37:30 +02:00
Carlton Gibson
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00
sarahboyce
65effbdb10 Fixed #33471 -- Made AlterField operation a noop when changing "choices".
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00