1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
75f8264083
Corrected StreamingHttpResponse.streaming_content description in docs.
2019-08-02 16:37:49 +02:00
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
1692f69e37
Refs #30160 -- Doc'd startapp/startproject support for tarfile templates.
2019-07-31 09:46:24 +02:00
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
68aeb90160
Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
2019-07-29 09:52:29 +02:00
fe33fdc049
Refs #30656 -- Reorganized bulk methods in the database optimization docs.
2019-07-29 09:52:29 +02:00
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
...
Regression in 519016e5f2
2019-07-27 12:04:56 +02:00
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
5ed20b3aa3
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
...
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
8323691de0
Fixed typo in docs/topics/http/sessions.txt.
2019-07-23 15:10:58 +02:00
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
fc1182af01
Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
...
Thanks Carlton Gibson the review.
2019-07-19 16:06:05 +02:00
a2e1c17f19
Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
2019-07-19 16:06:05 +02:00
7f612eda80
Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
2019-07-18 18:40:40 +02:00
230d75f59c
Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
2019-07-18 12:56:25 +02:00
a3417282ac
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
...
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
7174cf0b00
Refs #29824 -- Added RangeOperators helper class.
2019-07-16 16:57:46 +02:00
ad4e83a6d1
Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
2019-07-16 15:08:14 +02:00
fa65b90a96
Updated WSGI servers ordering according to the more commonly used.
2019-07-16 14:43:59 +02:00
c1b94e32fb
Fixed explanation of how to automatically create tables in database.
2019-07-15 11:04:30 +02:00
8dd5877f58
Doc'd --no-input option for createsuperuser.
2019-07-11 10:25:39 +02:00
00d4e6f8b5
Updated Select2 to version 4.0.7.
2019-07-10 12:31:16 +02:00
7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.
Regression in 6b048b364c
2019-07-10 10:33:36 +02:00
ee6e93ec87
Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9
2019-07-10 07:46:08 +02:00
24e8f7f7d3
Fixed typos in docs/ref/django-admin.txt.
2019-07-09 13:38:11 +02:00
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
febe136d4c
Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints.
2019-07-08 14:57:56 +02:00
bc91f27a86
Refs #29444 -- Added support for fetching a returned non-integer insert values on Oracle.
...
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
34a88b21da
Fixed #30620 -- Made an example of admin-compliant custom user app pep8 compliant.
2019-07-08 07:39:28 +02:00
53209f7830
Fixed #30613 -- Moved index name validation to system checks.
2019-07-05 09:30:21 +02:00
f197c3dd91
Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match.
2019-07-04 13:14:51 +02:00
d37ea5f09b
Fixed #28581 -- Moved django.core.paginator documentation to API Reference.
...
Co-Authored-By: Arman <armansabyrov@gmail.com>
2019-07-04 11:04:39 +02:00
93b611c797
Refs #28581 -- Doc's how to paginate a ListView.
2019-07-04 11:04:31 +02:00
c13e3715f5
Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model.
2019-07-04 08:05:20 +02:00
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
4b32d039db
Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.
...
Equivalent note for PermissionsMixin was added in d33864ed13
2019-07-02 11:20:53 +02:00
fbb83fefd4
Fixed typos in comments and docs.
2019-07-02 09:36:17 +02:00
c2f381ef17
Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes.
2019-07-01 11:39:31 +02:00
868cd56f05
Added CVE-2019-12781 to the security release archive.
2019-07-01 10:14:36 +02:00
fc41401f33
Added release date for 2.2.3.
2019-07-01 07:48:45 +02:00
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
30b3ee9d0b
Added stub release notes for security releases.
2019-07-01 06:57:27 +02:00
d54baf6970
Updated translations from Transifex
...
Forward port of b3f7262e6e
2019-06-29 16:17:16 +02:00
a289e79679
Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator.
2019-06-26 09:25:24 +02:00
8454f6dea4
Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
2019-06-26 06:44:10 +02:00
833878411c
Fixed typo in docs/topics/db/models.txt.
2019-06-24 09:04:33 +02:00
2f91e7832f
Fixed typo in docs/ref/models/indexes.txt.
2019-06-24 08:58:56 +02:00
8590726a5d
Removed unneeded non-breaking spaces added in 00169bc36
2019-06-22 10:26:14 +02:00
87b1ad6e73
Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ManyToManyField.
2019-06-21 15:03:17 +02:00
2ef6f209f7
Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 07:07:23 +02:00
9aeac29949
Removed unnecessary backslashes from docs.
2019-06-20 14:04:36 +02:00
a415ce70be
Fixed #30451 -- Added ASGI handler and coroutine-safety.
...
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
cce47ff65a
Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object.
2019-06-20 11:48:49 +02:00
533311782f
Refs #30565 -- Doc'd HttpResponse.close() method.
2019-06-20 11:48:49 +02:00
00169bc361
Fixed #30547 -- Doc'd how Meta.constraints affect model validation.
2019-06-20 10:44:02 +02:00
a7038adbd0
Fixed typos in signals and custom management commands docs.
2019-06-19 08:40:46 +02:00
036362e0cf
Fixed typos and example in signals.pre_init docs.
2019-06-18 14:51:17 +02:00
87f5d07eed
Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names.
2019-06-14 18:20:29 +02:00
0c2ffdd526
Fixed an example of email with display name in EmailMessage.from_email.
2019-06-13 16:22:15 +02:00
fc2536fe66
Refs #29548 -- Doc'd MariaDB support for GIS database functions.
2019-06-13 10:26:21 +02:00
fde9b7d35e
Fixed #30128 -- Fixed handling timedelta timezone in database functions.
2019-06-13 09:29:43 +02:00
b616f65855
Added missing support for PointOnSurface function on MariaDB.
2019-06-12 10:51:43 +02:00
9e38ed0536
Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
...
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692 .
For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.
For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
175656e166
Fixed intword example in docs/ref/contrib/humanize.txt.
2019-06-11 20:18:36 +02:00
76b3fc5c8d
Fixed #30486 -- Fixed the default value of Aggregate.distinct and updated example of custom aggregate functions.
2019-06-11 11:40:48 +02:00
f3a03d5b61
Changed charset and collation link to MySQL docs.
2019-06-11 11:16:27 +02:00
03cd3d137e
Fixed #30553 -- Clarified the default value of disable_existing_loggers.
2019-06-10 13:38:49 +02:00
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
4b6dfe1622
Fixed #30542 -- Fixed crash of numerical aggregations with filter.
...
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.
Thanks to Chuan-Zheng Lee for the report.
Regression in c690afb873
2019-06-05 08:06:26 +02:00
1f81e2df69
Added stub release notes for 2.2.3.
2019-06-05 06:57:44 +02:00
8a187bfa3b
Updated release process notes for oss-security list content guidelines.
...
c.f. https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines
2019-06-04 16:40:25 +02:00
5248abe9b0
Fixed #30505 -- Doc'd how changes in the order of Field.choices affect migrations.
2019-06-04 14:11:41 +02:00
21b1d23912
Added CVE-2019-12308 to the security release archive.
2019-06-03 21:44:55 +02:00
8fb0ea5583
Added CVE-2019-11358 to the security release archive.
2019-06-03 21:44:55 +02:00
100ec901ae
Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
2019-06-03 14:08:51 +02:00
5ab75adb90
Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
2019-06-03 14:08:51 +02:00
34ec52269a
Applied jQuery patch for CVE-2019-11358.
2019-06-03 11:36:12 +02:00
deeba6d920
Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
2019-06-03 11:36:12 +02:00
98c0fe19ee
Added stub release notes for security releases.
2019-06-03 10:48:52 +02:00
8543647306
Fixed #28831 -- Doc'd that InlineModelAdmin methods' obj argument is the parent object.
2019-05-31 12:35:15 +02:00
e2de49ec2e
Fixed #28520 -- Added --start-at/--start-after options to runtests.py.
2019-05-31 07:01:12 +02:00
480492fe70
Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader.
...
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.
If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.
Regression in 6754bffa2b
2019-05-29 09:41:24 +02:00
0344565179
Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature.
...
Regression in c8720e7696
2019-05-29 08:08:50 +02:00
67b6cb7723
Fixed #30491 -- Clarified when save() on object with pk executes INSERT.
2019-05-28 11:02:26 +02:00
a3f91891d2
Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when used in Subquery.
2019-05-28 10:05:50 +02:00
b2790f74d4
Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader.
...
Regression in c8720e7696
2019-05-28 08:31:33 +02:00
Mariusz Felisiak
niauah
Nick Pope
Carlton Gibson
Florian Apolloner
Étienne Beaulé
daniel a rios
Jon Dufresne
Tom Forbes
terminator14
Davit Gachechiladze
Mads Jensen
Frank Wiles
Hasan Ramezani
Johannes Hoppe
Simon Charette
can
Nuno
sp1rs
luto
swatantra
Min ho Kim
aitoehigie
Claude Paroz
nsasaki128
Meysam
Alexey Opalev
Nadège Michel
Andrew Godwin
Chris Jerdonek
Sanyam Khurana
Joachim Jablon
Vyacheslav Ver
Mykola Nicholas
Tobias Bengfort
Caio Ariede
parth
Brad Solomon