Commit Graph

3566 Commits

Author SHA1 Message Date
Mariusz Felisiak 82a88d2f48
Fixed #31061 -- Ignored positional args in django.urls.resolve() when all optional named parameters are missing.
Regression in 76b993a117.

Thanks Claude Paroz for the report and Carlton Gibson for reviews.
2019-12-06 09:32:51 +01:00
Hasan Ramezani 5d674eac87 Fixed #31039 -- Added support for contained_by lookup with AutoFields, SmallIntegerField, and DecimalField. 2019-12-05 15:50:39 +01:00
Gordon Pendleton adb9661789 Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True. 2019-12-05 09:44:45 +01:00
jsals1 1f62c008d1 Fixed typo in docs/releases/3.0.txt. 2019-12-05 07:55:20 +01:00
Aymeric Augustin c06492dd87 Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL. 2019-12-04 18:22:08 +01:00
Aymeric Augustin ad88524e4d Refs #23524 -- Unified BaseDatabaseWrapper.timezone.
There was a special case in this property to return None when the
database backend supports time zone. However, only the PostgreSQL
backend supports time zones and it never uses this property.
2019-12-04 18:07:51 +01:00
Mariusz Felisiak 95ae1a9f8c Fixed #31059 -- Fixed typo in docs/releases/3.0.txt. 2019-12-04 09:22:51 +01:00
Baptiste Mispelon 26cab4e8c1 Fixed #31046 -- Allowed RelatedManager.add()/create()/set() to accept callable values in through_defaults. 2019-12-03 19:47:38 +01:00
Andrew Godwin c90ab30fa1 Fixed #31056 -- Allowed disabling async-unsafe check with an environment variable. 2019-12-03 17:29:31 +01:00
Mariusz Felisiak 908c67e719 Added stub release notes for 3.0.1. 2019-12-02 21:43:59 +01:00
Carlton Gibson 3b347a8a00 Finalized release notes for Django 3.0. 2019-12-02 11:54:32 +01:00
Carlton Gibson 900ea762e5 Added CVE-2019-19118 to the security archive. 2019-12-02 11:42:24 +01:00
Carlton Gibson 368b8d20aa Removed issue reporter name from 2.1.15 and 2.2.8 release notes. 2019-12-02 09:46:25 +01:00
Carlton Gibson e31d185267 Added release dates for 2.1.15, 2.2.8 and 3.0. 2019-12-02 09:10:15 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Mariusz Felisiak 39e39d0ac1 Refs #30953 -- Added 2.1.15 release note for 0107e3d105. 2019-12-02 08:10:39 +01:00
Mariusz Felisiak 0107e3d105
Fixed #30953 -- Made select_for_update() lock queryset's model when using "self" with multi-table inheritance.
Thanks Abhijeet Viswa for the report and initial patch.
2019-12-02 07:57:19 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
Regression in 98296f86b3.
2019-11-29 08:23:01 +01:00
Farhaan Bukhsh 1f817daa20 Fixed #30803 -- Allowed comma separators for milliseconds in django.utils.dateparse functions.
Co-Authored-By: Ben Wilber <benwilber@gmail.com>
2019-11-27 09:43:12 +01:00
Farhaan Bukhsh 42b23d1e79 Refs #30803 -- Allowed comma separators for decimal fractions in parse_duration(). 2019-11-27 09:43:12 +01:00
Sergey Fedoseev abc51d44af Used 🎫 role in all tickets links. 2019-11-26 14:02:24 +01:00
Baptiste Mispelon 52936eface Fixed #31031 -- Fixed data loss in admin changelist view when formset's prefix contains regex special chars.
Regression in b18650a263.
2019-11-26 08:48:10 +01:00
Sergey Fedoseev a5855c8f0f Fixed #30996 -- Added AsWKB and AsWKT GIS functions. 2019-11-22 13:40:48 +01:00
Carlton Gibson ee4a19053a Fixed #31012 -- Reverted "Fixed #29056 -- Fixed HTML5 validation of required SelectDateWidget."
This reverts commit f038214d91.

The initial issue was incorrect. Django 2.2, and before, did not
generate invalid HTML as reported. With f03821 in place invalid HTML
was generated.

Thanks to Kevin Brown for follow-up report and investigation.
2019-11-21 20:53:31 +01:00
Simon Charette e9a0e1d4f6 Fixed #30484 -- Added conditional expressions support to CheckConstraint. 2019-11-21 11:56:35 +01:00
Hasan Ramezani f69b32782e Fixed #30625 -- Doc'd cache.get()/delete() behavior change in Django 2.2. 2019-11-21 10:54:05 +01:00
Jon Dufresne f5ebdfce5c Fixed #25388 -- Added an option to allow disabling of migrations during test database creation. 2019-11-20 20:42:38 +01:00
Mariusz Felisiak e9def97d10 Added stub release notes for 2.1.15. 2019-11-19 12:33:39 +01:00
Daniel Izquierdo 89abecc75d Fixed #27272 -- Added an on_delete RESTRICT handler to allow cascading deletions while protecting direct ones. 2019-11-19 10:55:05 +01:00
Caio Ariede 555bebe774 Fixed #30987 -- Added models.PositiveBigIntegerField. 2019-11-19 09:34:11 +01:00
Sergey Fedoseev f95b59a1b3 Fixed #30994 -- Added Oracle support for AsGeoJSON GIS function. 2019-11-18 15:32:44 +01:00
Simon Charette 11e327a3ff Fixed #30988 -- Deprecated the InvalidQuery exception.
It was barely documented without pointers at its defining location and
was abused to prevent misuse of the QuerySet field deferring feature.
2019-11-18 14:06:51 +01:00
Dulmandakh 24b9f50823 Fixed #29916 -- Added lower_inc, lower_inf, upper_inc, and upper_inf lookups for RangeFields.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-11-14 22:27:29 +01:00
daniel a rios efc3e32d6d Fixed #30759 -- Made cache.delete() return whether it succeeded.
Thanks Simon Charette for the review.
2019-11-14 11:14:11 +01:00
Mariusz Felisiak b93a0e34d9
Refs #29926 -- Doc'd Python 3.8 compatibility in Django 2.2.x. 2019-11-12 22:11:44 +01:00
Mariusz Felisiak 30359496a3 Added stub release notes for 2.2.8 release. 2019-11-12 14:37:59 +01:00
Hasan Ramezani 153c7956f8 Fixed #24858 -- Added support for get_FOO_display() to ArrayField and RangeFields.
_get_FIELD_display() crashed when Field.choices was unhashable.
2019-11-08 10:59:24 +01:00
Nick Pope 02983c5242 Fixed #30943 -- Added BloomIndex to django.contrib.postgres. 2019-11-07 11:23:53 +01:00
Jon Dufresne 26554cf5d1 Fixed #29983 -- Replaced os.path() with pathlib.Path in project template and docs.
Thanks Curtis Maloney for the original patch.
2019-11-07 11:11:27 +01:00
Jon Dufresne 77aa74cb70 Refs #29983 -- Added support for using pathlib.Path in all settings. 2019-11-07 10:26:22 +01:00
Mariusz Felisiak 4c45b627f8 Removed unused import of ACTION_CHECKBOX_NAME in django.contrib.admin.
Unused since e651b3095c.
2019-11-06 12:49:42 +01:00
Jon Dufresne fbbff7f808 Refs #29983 -- Added pathlib.Path support to the file email backend. 2019-11-06 09:33:07 +01:00
Stephen Rauch 4b6db766ba Refs #30183 -- Doc'd dropping support for sqlparse < 0.2.2.
Support for sqlparse < 0.2.2 was broken in
782d85b6df because is_whitespace property
was added in sqlparse 0.2.2.
2019-11-06 08:45:43 +01:00
Jon Dufresne b9fe7f9294 Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules.
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.

More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
2019-11-05 08:16:31 +01:00
Claude Paroz 6ccb1b68bc Added Uzbek language. 2019-11-04 14:50:00 +01:00
Mariusz Felisiak 126cfefce2 Added release dates for 2.2.7, 2.1.14, and 1.11.26. 2019-11-04 08:20:22 +01:00
Carlton Gibson 2d38eb0ab9 Fixed #30931 -- Restored ability to override Model.get_FIELD_display().
Thanks Sergey Fedoseev for the implementation idea.

Regression in a68ea23101.
2019-11-04 07:55:34 +01:00
Sky 3cf907c20c Fixed #30761 -- Prevented floatformat filter from returning a negative zero. 2019-10-31 10:48:35 +01:00
Hasan Ramezani 17752003a8 Refs #28428 -- Made FileSystemStorage.save() to support pathlib.Path. 2019-10-31 09:06:05 +01:00
Hasan Ramezani 6315a272c5 Refs #28428 -- Made filepath_to_uri() support pathlib.Path. 2019-10-30 13:13:15 +01:00
Sergey Fedoseev 6bbf9a20e2 Fixed #29770 -- Added LinearRing.is_counterclockwise property. 2019-10-25 14:28:26 +02:00
Nick Pope 55df1750be Refs #30897 -- Added support for ANALYZE option to Queryset.explain() on MariaDB and MySQL 8.0.18+. 2019-10-24 15:13:26 +02:00
Nick Pope 742961332e Refs #30897 -- Added support for TREE format to Queryset.explain() on MySQL 8.0.16+. 2019-10-24 15:13:23 +02:00
Hannes Ljungberg fa5f3291e7 Fixed #30903 -- Fixed migrations crash on PostgreSQL when adding Index with opclasses and ordering. 2019-10-24 09:33:14 +02:00
André Ericson 3120490912 Fixed #30876 -- Moved classproperty() decorator to the django.utils.functional. 2019-10-21 09:57:39 +02:00
André Ericson 31174031f1 Fixed #30841 -- Deprecated using non-boolean values for isnull lookup. 2019-10-21 08:44:20 +02:00
Pavel Savchenko 1711c509fa Fixed #27391 -- Implemented SimpleTestCase.debug().
debug() should bubbled up exceptions if occurring in test, but behave
the same as run() when no exceptions occurred.
2019-10-18 12:22:51 +02:00
Mariusz Felisiak 3a8af298b9 Fixed #30890 -- Added MariaDB support for the relate lookup. 2019-10-18 07:46:31 +02:00
Mariusz Felisiak 187a64608d Fixed #30885 -- Dropped support for MariaDB 10.1. 2019-10-16 18:40:48 +02:00
Mariusz Felisiak 06d34aab7c Fixed #30870 -- Fixed showing that RunPython operations are irreversible by migrate --plan.
Thanks Hasan Ramezani for the initial patch and Kyle Dickerson for the
report.
2019-10-14 11:13:27 +02:00
Louise Grandjonc 7d1bf29977 Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba892.
2019-10-11 10:55:22 +02:00
Flavio Curella ed112fadc1 Fixed #23755 -- Added support for multiple field names in the no-cache Cache-Control directive to patch_cache_control().
https://tools.ietf.org/html/rfc7234#section-5.2.2.2
2019-10-10 19:30:51 +02:00
Mariusz Felisiak 2a6f45e08e Fixed typos in docs/releases/3.0.txt. 2019-10-10 14:22:04 +02:00
Viktor Lomakin ee6b17187f Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content. 2019-10-10 09:51:05 +02:00
Benjy Weinberger 3cd3bebe89 Fixed #30300 -- Allowed migrations to be loaded from directories without __init__.py file. 2019-10-10 08:31:41 +02:00
Carlton Gibson f4ac9ae8d9 Refs #14218 -- Adjusted release note to use present tense.
Thanks to Tim Graham for review.
2019-10-03 10:14:06 +02:00
Anatol Ulrich 8ed6788aa4 Fixed #30821 -- Added ExtractIsoWeekYear database function and iso_week_day lookup. 2019-10-02 10:41:34 +02:00
Tanner Stirrat 17595407ca Fixed #14218 -- Added Paginator.__iter__(). 2019-10-02 09:49:31 +02:00
Mariusz Felisiak 84322a29ce Added stub release notes for 1.11.26 and 2.1.14. 2019-10-02 07:49:47 +02:00
Carlton Gibson e1c1eaf0c6 Added stub release notes for 2.2.7. 2019-10-01 10:43:30 +02:00
Carlton Gibson 3826aed46d Added release dates for 2.2.6, 2.1.13, and 1.11.25. 2019-10-01 08:49:15 +02:00
Oleg Kainov c574bec092 Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
Thanks Florian Apolloner for reviews.

Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Mads Jensen 129583a0d3 Removed some outdated backwards compatibility imports and misleading comments.
EmptyResultSet moved in 46509cf13d.
FieldDoesNotExist moved in 8958170755.
BoundField and pretty_name moved in 8550161e53.
EMPTY_VALUES moved in 471596fc1a.
BaseRunserverCommand moved in 5c53e30607.
2019-09-24 15:18:53 +02:00
Johannes Hoppe b31e63879e Fixed #29444 -- Allowed returning multiple fields from INSERT statements on Oracle. 2019-09-24 10:22:43 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Daniel Fairhead 5cb3ed187b Fixed #30772 -- Optimized make_template_fragment_key().
Removed usage of urllib.quote(), unnecessary since cbbe60c7fc.
Used hasher's .update() on key fragments.
2019-09-18 14:53:05 +02:00
Simon Charette 6c3dfba892 Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
2019-09-16 08:24:40 +02:00
Mariusz Felisiak bd7e0f81f8 Added stub release notes for 1.11.25 and 2.1.13. 2019-09-16 07:37:47 +02:00
Nick Pope 1c66767d4e Refs #27910 -- Improved documentation for model field choice enumeration types. 2019-09-13 15:37:40 +02:00
Carlton Gibson ea25bdc2b9 Added PBKDF2 hasher iteration increase to 3.0 release notes.
Refs 06670015f7
2019-09-12 17:24:01 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mariusz Felisiak 0ddb4ebf7b Refs #14357 -- Made Meta.ordering not affect GROUP BY queries.
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak b61ea56789 Refs #28478 -- Removed support for TestCase's allow_database_queries and multi_db per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak f1894bae30 Refs #28606 -- Removed CachedStaticFilesStorage per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 81993b47ea Refs #29703 -- Removed QuerySetPaginator alias per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak cb2be9d5d5 Refs #29546 -- Removed django.utils.timezone.FixedOffset per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak b47bb4c4a7 Refs #29598 -- Removed FloatRangeField per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 32796826bb Added stub release notes for 3.1. 2019-09-10 12:00:56 +02:00
Simon Charette 34decdebf1 Fixed #30754 -- Prevented inclusion of aliases in partial index conditions.
SQLite doesn't repoint table aliases in partial index conditions on table
rename which breaks the documented table alteration procedure.

Thanks Pēteris Caune for the report.
2019-09-10 10:03:16 +02:00
Carlton Gibson a624803514 Finalised release notes for 3.0 alpha release.
* Removed empty sections
* Corrected some typos and wrapping errors.
2019-09-10 09:58:42 +02:00
Vojtech Bocek b1d37fea8f Fixed #28107 -- Added DatabaseFeatures.allows_group_by_selected_pks_on_model() to allow enabling optimization for unmanaged models. 2019-09-09 14:04:46 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Nick Pope 1edbb6c194 Refs #30426 -- Moved release notes into separate security section. 2019-09-09 13:35:31 +02:00
Johannes Hoppe 7254f1138d Refs #29444 -- Allowed returning multiple fields from INSERT statements on PostgreSQL.
Thanks Florian Apolloner, Tim Graham, Simon Charette, Nick Pope, and
Mariusz Felisiak for reviews.
2019-09-09 10:51:14 +02:00
Claude Paroz 05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Mariusz Felisiak 350123f38c
Moved release note for refs #30158 from deprecated to backwards incompatible changes. 2019-09-05 15:56:52 +02:00
Mariusz Felisiak e2c6a0858d Fixed #30750 -- Added support for check constraints on MySQL 8.0.16+. 2019-09-05 09:18:34 +02:00
Shai Berger 72ebe85a26 Fixed #27910 -- Added enumeration helpers for use in Field.choices.
These classes can serve as a base class for user enums, supporting
translatable human-readable names, or names automatically inferred
from the enum member name.

Additional properties make it easy to access the list of names, values
and display labels.

Thanks to the following for ideas and reviews:

Carlton Gibson, Fran Hrženjak, Ian Foote, Mariusz Felisiak, Shai Berger.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-09-04 14:42:49 +02:00
Nasir Hussain 25706d7285 Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler. 2019-09-04 08:40:46 +02:00
Mariusz Felisiak 0d4529d314 Added stub release notes for 2.2.6. 2019-09-04 08:02:32 +02:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Mariusz Felisiak 47f49adc11 Added release dates for 2.2.5, 2.1.12, and 1.11.24. 2019-09-02 07:43:51 +02:00
yukihira1992 0545781764 Fixed #30736 -- Added Storage.get_alternative_name() to allow customization. 2019-08-30 11:32:19 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
Matthew Schinckel 4137fc2efc Fixed #25367 -- Allowed boolean expressions in QuerySet.filter() and exclude().
This allows using expressions that have an output_field that is a
BooleanField to be used directly in a queryset filters, or in the
When() clauses of a Case() expression.

Thanks Josh Smeaton, Tim Graham, Simon Charette, Mariusz Felisiak, and
Adam Johnson for reviews.

Co-Authored-By: NyanKiyoshi <hello@vanille.bid>
2019-08-29 09:45:29 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Dulmandakh 06372a8d27 Fixed #30507 -- Updated admin's jQuery to 3.4.1. 2019-08-23 11:00:16 +02:00
Mads Jensen 85ac838d9e Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL.
Thanks to Simon Charettes for review.

Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-21 13:10:06 +02:00
François Freitag 9a88e43aeb Fixed broken links and redirects in documentation.
Removed reference to custom builds, feature removed in
8e6b3bba99.
2019-08-21 10:57:24 +02:00
Nick Pope 21e559495b Fixed #29979, Refs #17337 -- Extracted AutoField field logic into a mixin and refactored AutoFields.
This reduces duplication by allowing AutoField, BigAutoField and
SmallAutoField to inherit from IntegerField, BigIntegerField and
SmallIntegerField respectively. Doing so also allows for enabling the
max_length warning check and minimum/maximum value validation for auto
fields, as well as providing a mixin that can be used for other possible
future auto field types such as a theoretical UUIDAutoField.
2019-08-20 09:22:25 +02:00
Claude Paroz d1c2e6dd04 Refs #28428 -- Made FileField.upload_to support pathlib.Path. 2019-08-18 20:34:58 +02:00
Claude Paroz 0468159763 Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True. 2019-08-18 13:17:49 +02:00
Adnan Umer 6805c0f99f Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231. 2019-08-16 15:25:42 +02:00
zeyneloz 00035672a4 Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering.
Regression in 6d4e5feb79.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-08-15 10:29:05 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Adnan Umer 8d3519071e Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning. 2019-08-08 21:14:06 +02:00
Andrew Godwin 052388aba4 Fixed #30676 -- Added --pdb option to test runner. 2019-08-07 08:16:31 +02:00
Mariusz Felisiak 1af469e67f Added stub release notes for 2.2.5. 2019-08-02 20:32:21 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
Carlton Gibson a5652eb795 Added CVE-2019-14235 to security release archive. 2019-08-01 12:01:27 +02:00
Carlton Gibson 3a6a2f5eaf Added CVE-2019-14234 to security release archive. 2019-08-01 11:59:45 +02:00
Carlton Gibson 9600f63885 Added CVE-2019-14233 to security release archive. 2019-08-01 11:57:24 +02:00
Carlton Gibson 87750787d1 Added CVE-2019-14232 to the security release archive. 2019-08-01 11:54:24 +02:00
Florian Apolloner 76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Jon Dufresne 4122d9d3f1 Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
Regression in 519016e5f2.
2019-07-27 12:04:56 +02:00
Carlton Gibson f13147c8de Added stub release notes for security releases. 2019-07-25 10:49:30 +02:00
Jon Dufresne 5ed20b3aa3 Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Tom Forbes fc75694257 Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 2019-07-24 14:08:37 +02:00
Tom Forbes 2ff517ccb6 Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 2019-07-23 10:03:23 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mads Jensen 7174cf0b00 Refs #29824 -- Added RangeOperators helper class. 2019-07-16 16:57:46 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Mariusz Felisiak 7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.

Regression in 6b048b364c.
2019-07-10 10:33:36 +02:00
Simon Charette ee6e93ec87 Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
Expressions referring to different bound fields should not be
considered equal.

Thanks Julien Enselme for the detailed report.

Regression in bc7e288ca9.
2019-07-10 07:46:08 +02:00
Mariusz Felisiak 08e69cad9c Added stub release notes for 2.2.4. 2019-07-09 07:39:35 +02:00
can febe136d4c Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints. 2019-07-08 14:57:56 +02:00
Johannes Hoppe bc91f27a86 Refs #29444 -- Added support for fetching a returned non-integer insert values on Oracle.
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Mariusz Felisiak 868cd56f05 Added CVE-2019-12781 to the security release archive. 2019-07-01 10:14:36 +02:00
Mariusz Felisiak fc41401f33 Added release date for 2.2.3. 2019-07-01 07:48:45 +02:00
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mariusz Felisiak 30b3ee9d0b Added stub release notes for security releases. 2019-07-01 06:57:27 +02:00