Commit Graph

3682 Commits

Author SHA1 Message Date
Claude Paroz 71c4fb7beb Refs #27468 -- Changed default Signer algorithm to SHA-256. 2020-04-15 12:49:14 +02:00
Adam Johnson 5b884d45ac Fixed #29501 -- Allowed dbshell to pass options to underlying tool. 2020-04-14 14:02:51 +01:00
Adam Johnson 8e8c3f964e Refs #29501 -- Allowed customizing exit status for management commands. 2020-04-14 13:22:47 +02:00
Sergey Fedoseev b9e2355eb0 Fixed #31196 -- Added support for PostGIS 3. 2020-04-14 13:19:59 +02:00
Mariusz Felisiak cc70a0343e
Fixed term warning on Sphinx 3.0.1+.
"term" role became case sensitive in Sphinx 3.0.1.
2020-04-14 09:32:09 +02:00
David Smith a350bfa6f4 Fixed #13009 -- Added BoundField.widget_type property. 2020-04-10 07:11:14 +02:00
miigotu 210657b791 Fixed #28184 -- Allowed using a callable for FileField and ImageField storage. 2020-04-08 11:26:17 +02:00
Sergey Fedoseev 026719cf17 Fixed #31030 -- Registered SQLite functions as deterministic on Python 3.8+. 2020-04-06 11:26:00 +02:00
Simon Charette 98ea4f0f46 Refs #7098 -- Deprecated passing raw column aliases to order_by().
Now that order_by() has expression support passing RawSQL() can achieve
the same result.

This was also already supported through QuerySet.extra(order_by) for
years but this API is more or less deprecated at this point.
2020-04-06 10:01:02 +02:00
Hasan Ramezani 4237050684 Fixed #31420 -- Fixed crash when filtering subquery annotation against a SimpleLazyObject.
Thanks Simon Charette for the solution and analysis.
2020-04-06 07:11:29 +02:00
c-bata 89032876f4 Fixed #31275 -- Optimized sql_flush() without resetting sequences on MySQL.
Co-Authored-By: Simon Charette <charettes@users.noreply.github.com>
2020-04-02 12:57:53 +02:00
Carlton Gibson b1f88476db Corrected docs spelling of PgBouncer. 2020-04-01 14:55:11 +02:00
Adam Johnson 1cdfe8d912 Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
Carlton Gibson a7e4ff370c Added stub release notes for 3.0.6. 2020-04-01 10:09:43 +02:00
Carlton Gibson b56243b77f Added release dates for 2.1.12 and 3.0.5. 2020-04-01 09:14:56 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Deep Sukhwani 4b146e0c83 Fixed #30864 -- Doc'd classproperty decorator. 2020-03-31 10:46:48 +02:00
Adam Johnson 93ed71e058 Fixed #31403 -- Added support for returning fields from INSERT statements on MariaDB 10.5+. 2020-03-31 07:25:50 +02:00
Gordon Pendleton d0da2820ca Fixed #31402 -- Added migrate --check option.
Command exits with non-zero status if unapplied migrations exist.
2020-03-26 20:12:39 +01:00
Hannes Ljungberg f3da09df0f Fixed #31396 -- Added binary XOR operator to F expressions. 2020-03-25 10:16:30 +01:00
Hasan Ramezani 10866a10fe Fixed #31377 -- Disabled grouping by aliases on QuerySet.values()/values_list() when they collide with field names.
Regression in fb3f034f1c.

Thanks Holovashchenko Vadym for the report.
2020-03-25 09:13:46 +01:00
David Smith 27746ab28a Fixed #7664 -- Allowed customizing suffixes of MultiWidget.widgets' names. 2020-03-24 20:05:18 +01:00
Hannes Ljungberg 0b51a4f894 Fixed #28194 -- Added support for normalization and cover density to SearchRank. 2020-03-23 11:00:55 +01:00
Adam Johnson 4ed534758c Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context. 2020-03-23 08:11:14 +01:00
Hasan Ramezani 53b6a466d8 Refs #29724 -- Added is_dst parameter to QuerySet.datetimes().
Thanks Simon Charette for the review and Mariusz Felisiak for tests.
2020-03-20 12:55:33 +01:00
gowthamk63 142ab6846a Fixed #31123 -- Added --include-stale-apps option to the remove_stale_contenttypes management command.
Co-Authored-By: Javier Buzzi <buzzi.javier@gmail.com>
2020-03-19 11:48:10 +01:00
Andrew Godwin fc0fa72ff4 Fixed #31224 -- Added support for asynchronous views and middleware.
This implements support for asynchronous views, asynchronous tests,
asynchronous middleware, and an asynchronous test client.
2020-03-18 19:59:12 +01:00
Ryan Petrello 5f8495a40a Fixed #31371 -- Increased User.first_name max_length to 150 characters. 2020-03-18 08:22:49 +01:00
Baptiste Mispelon 3baf92cf82 Fixed #31340 -- Allowed query expressions in SearchQuery.value and __search lookup. 2020-03-16 10:27:23 +01:00
jay20162016 924c01ba09 Fixed #31363 -- Added support for negative integers to intword template filter. 2020-03-16 08:44:43 +01:00
David Smith ccf32aca44 Fixed #8760 -- Changed ModelMultipleChoiceField to use invalid_list as a error message key. 2020-03-12 09:36:01 +01:00
Claude Paroz e663f695fb Fixed #31359 -- Deprecated get_random_string() calls without an explicit length. 2020-03-11 13:16:44 +01:00
Claude Paroz e3e48b0012
Fixed #30439 -- Added support for different plural forms for a language.
Thanks to Michal Čihař for review.
2020-03-10 15:56:32 +01:00
Carlton Gibson 692870b611 Removed trailing whitespace in 3.1 release notes. 2020-03-10 12:01:32 +01:00
Carlton Gibson a4200e958d Added stub release notes for 2.2.12. 2020-03-10 12:01:01 +01:00
Jon Dufresne eb77e80de0 Fixed #31349 -- Used :nth-child() CSS pseudo-class to style alternative rows in admin. 2020-03-09 12:34:32 +01:00
Jon Dufresne 769cee5252 Fixed #31327 -- Deprecated providing_args argument for Signal. 2020-03-05 09:38:52 +01:00
Mariusz Felisiak 1b3a900a69 Added stub release notes for 3.0.5. 2020-03-04 10:56:07 +01:00
Mariusz Felisiak 43f8ba1c7c Fixed typo in docs/releases/1.11.29.txt. 2020-03-04 10:46:43 +01:00
Mariusz Felisiak f37f9a0bf0 Added CVE-2020-9402 to security archive. 2020-03-04 09:59:07 +01:00
Mariusz Felisiak 6695d29b1c Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
Thanks to Norbert Szetei for the report.
2020-03-04 09:04:50 +01:00
Hannes Ljungberg 65ab4f9f03 Fixed #31147 -- Added SearchHeadline to django.contrib.postgres. 2020-03-03 15:39:52 +01:00
Mariusz Felisiak 7b8fa1653f Fixed #31150 -- Included subqueries that reference related fields in GROUP BY clauses.
Thanks Johannes Hoppe for the report.

Regression in fb3f034f1c.

Co-authored-by: Simon Charette <charette.s@gmail.com>
2020-03-03 11:25:37 +01:00
Claude Paroz d4fff711d4 Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-03-02 12:16:48 +01:00
Carlton Gibson 8b30360322
Fixed #31032 -- Updated admin browser support FAQ for 2020.
Following web standards, the modern _evergreen_ browsers are all
supported. This applies equally to mobile platforms. Assuming current
trends continue, this should be a sustainable policy.

Microsoft deprecated all versions of Internet Explorer. IE 11, the last
version, is described as a "compatibility solution" rather than a web
browser. Whilst it will receive security updates for the lifetime of
Windows 10 it's use is actively discouraged.

The IE 11 downloads page makes it clear: "We recommend you use the new
Microsoft Edge".
2020-02-28 12:39:14 +01:00
Simon Charette 41ebe60728 Fixed #31312 -- Properly ordered temporal subtraction params on MySQL.
Regression in 9bcbcd599a.

Thanks rick2ricks for the report.
2020-02-27 08:50:55 +01:00
Adam Johnson a6b3938afc
Fixed #31182 -- Adjusted release notes for ASGI support. 2020-02-20 15:05:47 +01:00
Claude Paroz 4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Mariusz Felisiak 2a038521c4
Fixed #31271 -- Preserved ordering when unifying query parameters on Oracle.
This caused misplacing parameters in logged SQL queries.

Regression in 79065b55a7.

Thanks Hans Aarne Liblik for the report.
2020-02-18 11:45:12 +01:00
Keshav Kumar f37d548ede Fixed #20995 -- Added support for iterables of template names to {% include %} template tag.
Thanks Adam Johnson for the review.
2020-02-18 06:56:05 +01:00
Claude Paroz da4923ea87 Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. 2020-02-12 21:46:56 +01:00
Abhijeet Viswa 1712a76b9d Fixed #31246 -- Fixed locking models in QuerySet.select_for_update(of=()) for related fields and parent link fields with multi-table inheritance.
Partly regression in 0107e3d105.
2020-02-11 20:43:57 +01:00
Florian Apolloner 41a3b3d186 Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used.
Thanks to Oskar Persson for the report.
2020-02-11 20:39:12 +01:00
Jon Dufresne e3f6e18513 Fixed #31253 -- Fixed data loss possibility when using caching from async code.
Case missed in a415ce70be.
2020-02-11 09:09:25 +01:00
Mariusz Felisiak 7e8339748c Added stub release notes for 2.2.11. 2020-02-10 08:18:58 +01:00
Mariusz Felisiak 932bd794b2 Added "Bugfixes" section to release notes for 3.0.4. 2020-02-10 08:14:58 +01:00
Simon Charette 430e796980 Refs #31055 -- Made DiscoverRunner skip running system checks on unused test databases. 2020-02-07 11:01:31 +01:00
Simon Charette 0b83c8cc4d Refs #31055 -- Added --database option to the check management command.
This avoids enabling the ``database`` checks unless they are explicitly
requested and allows to disable on a per-alias basis which is required
when only creating a subset of the test databases.

This also removes unnecessary BaseCommand._run_checks() hook.
2020-02-07 11:01:31 +01:00
Jon Dufresne f48f671223 Refs #31233 -- Changed DatabaseWrapper._nodb_connection to _nodb_cursor().
It is now a method instead of a property and returns a context manager
that yields a cursor on entry and closes the cursor and connection upon
exit.
2020-02-06 15:29:38 +01:00
Adam Johnson 72b97a5b1e Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. 2020-02-05 14:39:01 +01:00
Adam Johnson de1924e0e7
Improved grammar in 3.0 release notes for SECURE_CONTENT_TYPE_NOSNIFF change. 2020-02-05 12:46:14 +01:00
Adam Johnson 469bf2db15 Fixed #31210 -- Doc'd how to reproduce HttpRequest.is_ajax() in release notes. 2020-02-04 12:21:48 +01:00
Adam Johnson 85cb59cba9 Fixed typo in docs/releases/3.1.txt. 2020-02-04 12:21:45 +01:00
Claude Paroz 8ae84156d6 Fixed #27604 -- Used the cookie signer to sign message cookies.
Co-authored-by: Craig Anderson <craiga@craiga.id.au>
2020-02-04 08:05:02 +01:00
Carlton Gibson 273918c25b Added stub release notes for 3.0.4. 2020-02-03 10:23:54 +01:00
Carlton Gibson d8b2ccbbb8 Added CVE-2020-7471 to security archive. 2020-02-03 10:11:34 +01:00
Carlton Gibson 1a2600d8df Added release date for 3.0.3. 2020-02-03 08:52:16 +01:00
Simon Charette eb31d84532 Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
Hasan Ramezani a97111eabf Fixed 31207 -- Prevented references to non-local remote fields in ForeignKey.to_field.
Thanks Simon Charette for the initial patch and review.
2020-01-31 10:19:12 +01:00
Mariusz Felisiak 0ac8ac8b0d
Refs #25778 -- Updated some links to HTTPS and new locations. 2020-01-29 09:34:37 +01:00
Nick Pope c9bf1910e2 Refs #30997 -- Added link to Fetch API in release notes. 2020-01-28 08:37:41 +01:00
Claude Paroz e348ab0d43 Fixed #30997 -- Deprecated HttpRequest.is_ajax(). 2020-01-27 08:54:32 +01:00
Claude Paroz 7fa0fa45c5 Refs #30997 -- Removed HttpRequest.is_ajax() usage. 2020-01-27 08:52:40 +01:00
Claude Paroz d66d72f956 Refs #30997 -- Added HttpRequest.accepts(). 2020-01-24 14:24:59 +01:00
Hasan Ramezani b94764e178 Fixed #27888 -- Added link to clear all filters in the admin changelist view. 2020-01-23 14:14:54 +01:00
Eugene Hatsko 0b013564ef Fixed #31190 -- Fixed prefetch_related() crash for GenericForeignKey with custom ContentType foreign key.
Regression in dffa3e1992.
2020-01-22 07:54:16 +01:00
Pavel Lysak 13e4abf83e Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. 2020-01-16 15:25:49 +01:00
Flavio Curella d08d4f464a Fixed #30765 -- Made cache_page decorator take precedence over max-age Cache-Control directive. 2020-01-16 13:39:16 +01:00
Carlton Gibson 29c126bb34 Fixed #31124 -- Fixed setting of get_FOO_display() when overriding inherited choices.
Regression in 2d38eb0ab9
2020-01-15 15:35:22 +01:00
Carlton Gibson 927c903f3c Refs #31097 -- Added release notes for 2f565f84ac.
.
2020-01-14 14:35:28 +01:00
Carlton Gibson 1f4b9f4f1f Removed unused ExceptionReporterFilter class.
Unused since 8f8c54f70b.
2020-01-11 20:18:38 +01:00
Mariusz Felisiak 6f7998adc7
Fixed #31155 -- Fixed a system check for the longest choice when a named group contains only non-string values.
Regression in b6251956b6.

Thanks Murat Guchetl for the report.
2020-01-11 19:47:36 +01:00
Carlton Gibson e2d9d66a22 Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter.
Co-authored-by: Ryan Castner <castner.rr@gmail.com>
2020-01-10 11:35:41 +01:00
Carlton Gibson 581ba5a948 Refs #23004 -- Allowed exception reporter filters to customize settings filtering.
Thanks to Tim Graham for the original implementation idea.

Co-authored-by: Daniel Maxson <dmaxson@ccpgames.com>
2020-01-10 11:21:23 +01:00
Adam Johnson 5166097d7c Fixed #31154 -- Added support for using enumeration types in templates.
Enumeration helpers are callables, so the template system tried to call
them with no arguments.

Thanks Rupert Baker for helping discover this.
2020-01-10 07:52:06 +01:00
Jack Cushman eb629f4c02 Fixed #30995 -- Allowed converter.to_url() to raise ValueError to indicate no match. 2020-01-09 14:41:41 +01:00
Shubham singh ffcf1a8ebf Fixed #31118 -- Made FileInput to avoid the required attribute when initial data exists. 2020-01-08 09:15:31 +01:00
Mariusz Felisiak 53d8646f79
Fixed #31141 -- Relaxed system check of translation settings for sublanguages.
Regression in 4400d8296d.

Thanks Enrique Matías Sánchez for the report.
2020-01-08 08:05:43 +01:00
Claude Paroz 188b003014 Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default input formats. 2020-01-07 11:08:40 +01:00
Claude Paroz 1487f16f2d Fixed #11385 -- Made forms.DateTimeField accept ISO 8601 date inputs.
Thanks José Padilla for the initial patch, and Carlton Gibson for the
review.
2020-01-06 10:52:09 +01:00
Mariusz Felisiak 0f843fdd5b
Fixed #31136 -- Disabled grouping by aliases on QuerySet.values()/values_list().
Regression in fb3f034f1c.

Thanks Sigurd Ljødal for the report.
2020-01-04 20:49:11 +01:00
Simon Charette 9bcbcd599a Fixed #31133 -- Fixed crash when subtracting against a subquery annotation.
The subtract_temporals() database operation was not handling expressions
returning SQL params in mixed database types.

Regression in 3543129822.

Thanks Reupen Shah for the report.
2020-01-03 10:35:08 +01:00
Federico Jaramillo Martínez 372eaa395f Fixed #28991 -- Added EmptyFieldListFilter class in admin.filters.
Thanks Simon Charette and Carlton Gibson for reviews.

Co-Authored-By: Jonas Haag <jonas@lophus.org>
Co-Authored-By: Christophe Baldy <christophe.baldy@polyconseil.fr>
2020-01-03 07:58:04 +01:00
Mariusz Felisiak 69331bb851 Added stub release notes for 3.0.3. 2020-01-02 08:36:08 +01:00
Mariusz Felisiak 434a81d320 Added release date for 3.0.2. 2020-01-02 07:55:53 +01:00
Farhaan Bukhsh cf5d4701dc Fixed #30819 -- Fixed year determination in admin calendar widget for two-digit years.
Two-digit years in the range of [00, 68] are in the current century,
while [69,99] are in the previous century, according to the Open Group
Specification.
2019-12-30 13:06:29 +01:00
Simon Charette 9e14bc2135 Refs #29260 -- Doc'd Model.save() behavior change in Django 3.0. 2019-12-30 07:49:10 +01:00
Simon Charette 5779cc938a Fixed #31071 -- Disabled insert optimization for primary keys with defaults when loading fixtures.
Model.save_base() is called directly when loading fixtures and assumes
existing rows will be updated. Branching of "raw" allows to maintain
the optimization introduced in #29260 while supporting this edge case.

Regression in 85458e94e3.

Thanks Reupen Shah for the report.
2019-12-30 07:49:10 +01:00
Mariusz Felisiak 22ce5d0031
Fixed #31106 -- Fixed migrations crash on PostgreSQL 10+ when adding FK constraints inline and changing data.
This allows adding foreign key constraints inline and changing data in
the same migration on PostgreSQL 10+.

Regression in 738faf9da2.

Thanks Janne Rönkkö for the report and Simon Charette for the
implementation idea and review.
2019-12-23 23:28:59 +01:00
Jon Dufresne 67ea35df52 Fixed #30998 -- Added ModelChoiceIteratorValue to pass the model instance to ChoiceWidget.create_option(). 2019-12-23 10:34:50 +01:00
Simon Charette 720de4d044 Fixed #31109 -- Disabled grouping by aliases on QuerySet.exists().
Clearing the SELECT clause in Query.has_results was orphaning GROUP BY
references to it.

Thanks Thierry Bastian for the report and Baptiste Mispelon for the
bisect.

Regression in fb3f034f1c.
2019-12-23 09:24:03 +01:00
Simon Charette 5a4d7285bd Fixed #31094 -- Included columns referenced by subqueries in GROUP BY on aggregations.
Thanks Johannes Hoppe for the report.

Regression in fb3f034f1c.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-19 10:04:56 +01:00
Mike Hansen d291c72bf2 Fixed #30585 -- Added {% translate %} and {% blocktranslate %} template tags. 2019-12-18 13:15:38 +01:00
Mariusz Felisiak 50a69efb2e Added stub release notes for 3.0.2. 2019-12-18 10:51:57 +01:00
Mariusz Felisiak 5a2b9f0b54 Added CVE-2019-19844 to the security archive. 2019-12-18 10:36:22 +01:00
Simon Charette 5b1fbcef7a Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
James Turk ff00a05347 Fixed #31088 -- Added support for websearch searching in SearchQuery. 2019-12-16 14:59:59 +01:00
Rabah Saadi 5b7450080f Added Algerian Arabic language. 2019-12-14 16:26:31 +01:00
Hasan Ramezani 9736137cdc Fixed #31069, Refs #26431 -- Doc'd RegexPattern behavior change in passing optional named groups in Django 3.0. 2019-12-12 14:24:10 +01:00
Osaetin Daniel b33bfc3839 Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
Hasan Ramezani 52018e1615 Fixed typos in 3.0 release notes and docs/ref/request-response.txt. 2019-12-12 10:19:09 +01:00
Mariusz Felisiak ec12c37384
Refs #31073 -- Added release notes for 02eff7ef60. 2019-12-11 10:07:41 +01:00
Baptiste Mispelon 9e565386d3 Fixed #27430 -- Added -b/--buffer option to DiscoverRunner. 2019-12-09 13:47:12 +01:00
Ali Mirlou 663bb435de Fixed typo in docs/releases/3.0.1.txt. 2019-12-09 07:57:36 +01:00
Alex Aktsipetrov bf12273db4 Fixed #31060 -- Reallowed window expressions to be used in conditions outside of queryset filters.
Regression in 4edad1ddf6.

Thanks utapyngo for the report.
2019-12-06 13:52:16 +01:00
Jon Dufresne 5708327c37 Fixed #23433 -- Deprecated django-admin.py entry point in favor of django-admin.
Unify on the entry point created by setuptools entry_points feature.
2019-12-06 12:11:44 +01:00
Mariusz Felisiak 82a88d2f48
Fixed #31061 -- Ignored positional args in django.urls.resolve() when all optional named parameters are missing.
Regression in 76b993a117.

Thanks Claude Paroz for the report and Carlton Gibson for reviews.
2019-12-06 09:32:51 +01:00
Hasan Ramezani 5d674eac87 Fixed #31039 -- Added support for contained_by lookup with AutoFields, SmallIntegerField, and DecimalField. 2019-12-05 15:50:39 +01:00
Gordon Pendleton adb9661789 Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True. 2019-12-05 09:44:45 +01:00
jsals1 1f62c008d1 Fixed typo in docs/releases/3.0.txt. 2019-12-05 07:55:20 +01:00
Aymeric Augustin c06492dd87 Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL. 2019-12-04 18:22:08 +01:00
Aymeric Augustin ad88524e4d Refs #23524 -- Unified BaseDatabaseWrapper.timezone.
There was a special case in this property to return None when the
database backend supports time zone. However, only the PostgreSQL
backend supports time zones and it never uses this property.
2019-12-04 18:07:51 +01:00
Mariusz Felisiak 95ae1a9f8c Fixed #31059 -- Fixed typo in docs/releases/3.0.txt. 2019-12-04 09:22:51 +01:00
Baptiste Mispelon 26cab4e8c1 Fixed #31046 -- Allowed RelatedManager.add()/create()/set() to accept callable values in through_defaults. 2019-12-03 19:47:38 +01:00
Andrew Godwin c90ab30fa1 Fixed #31056 -- Allowed disabling async-unsafe check with an environment variable. 2019-12-03 17:29:31 +01:00
Mariusz Felisiak 908c67e719 Added stub release notes for 3.0.1. 2019-12-02 21:43:59 +01:00
Carlton Gibson 3b347a8a00 Finalized release notes for Django 3.0. 2019-12-02 11:54:32 +01:00
Carlton Gibson 900ea762e5 Added CVE-2019-19118 to the security archive. 2019-12-02 11:42:24 +01:00
Carlton Gibson 368b8d20aa Removed issue reporter name from 2.1.15 and 2.2.8 release notes. 2019-12-02 09:46:25 +01:00
Carlton Gibson e31d185267 Added release dates for 2.1.15, 2.2.8 and 3.0. 2019-12-02 09:10:15 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Mariusz Felisiak 39e39d0ac1 Refs #30953 -- Added 2.1.15 release note for 0107e3d105. 2019-12-02 08:10:39 +01:00
Mariusz Felisiak 0107e3d105
Fixed #30953 -- Made select_for_update() lock queryset's model when using "self" with multi-table inheritance.
Thanks Abhijeet Viswa for the report and initial patch.
2019-12-02 07:57:19 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
Regression in 98296f86b3.
2019-11-29 08:23:01 +01:00
Farhaan Bukhsh 1f817daa20 Fixed #30803 -- Allowed comma separators for milliseconds in django.utils.dateparse functions.
Co-Authored-By: Ben Wilber <benwilber@gmail.com>
2019-11-27 09:43:12 +01:00
Farhaan Bukhsh 42b23d1e79 Refs #30803 -- Allowed comma separators for decimal fractions in parse_duration(). 2019-11-27 09:43:12 +01:00
Sergey Fedoseev abc51d44af Used 🎫 role in all tickets links. 2019-11-26 14:02:24 +01:00
Baptiste Mispelon 52936eface Fixed #31031 -- Fixed data loss in admin changelist view when formset's prefix contains regex special chars.
Regression in b18650a263.
2019-11-26 08:48:10 +01:00
Sergey Fedoseev a5855c8f0f Fixed #30996 -- Added AsWKB and AsWKT GIS functions. 2019-11-22 13:40:48 +01:00
Carlton Gibson ee4a19053a Fixed #31012 -- Reverted "Fixed #29056 -- Fixed HTML5 validation of required SelectDateWidget."
This reverts commit f038214d91.

The initial issue was incorrect. Django 2.2, and before, did not
generate invalid HTML as reported. With f03821 in place invalid HTML
was generated.

Thanks to Kevin Brown for follow-up report and investigation.
2019-11-21 20:53:31 +01:00
Simon Charette e9a0e1d4f6 Fixed #30484 -- Added conditional expressions support to CheckConstraint. 2019-11-21 11:56:35 +01:00
Hasan Ramezani f69b32782e Fixed #30625 -- Doc'd cache.get()/delete() behavior change in Django 2.2. 2019-11-21 10:54:05 +01:00
Jon Dufresne f5ebdfce5c Fixed #25388 -- Added an option to allow disabling of migrations during test database creation. 2019-11-20 20:42:38 +01:00
Mariusz Felisiak e9def97d10 Added stub release notes for 2.1.15. 2019-11-19 12:33:39 +01:00
Daniel Izquierdo 89abecc75d Fixed #27272 -- Added an on_delete RESTRICT handler to allow cascading deletions while protecting direct ones. 2019-11-19 10:55:05 +01:00
Caio Ariede 555bebe774 Fixed #30987 -- Added models.PositiveBigIntegerField. 2019-11-19 09:34:11 +01:00
Sergey Fedoseev f95b59a1b3 Fixed #30994 -- Added Oracle support for AsGeoJSON GIS function. 2019-11-18 15:32:44 +01:00
Simon Charette 11e327a3ff Fixed #30988 -- Deprecated the InvalidQuery exception.
It was barely documented without pointers at its defining location and
was abused to prevent misuse of the QuerySet field deferring feature.
2019-11-18 14:06:51 +01:00
Dulmandakh 24b9f50823 Fixed #29916 -- Added lower_inc, lower_inf, upper_inc, and upper_inf lookups for RangeFields.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-11-14 22:27:29 +01:00
daniel a rios efc3e32d6d Fixed #30759 -- Made cache.delete() return whether it succeeded.
Thanks Simon Charette for the review.
2019-11-14 11:14:11 +01:00