Carlton Gibson
d5b526bf78
Added CVE-2020-24583 & CVE-2020-24584 to security archive.
2020-09-01 11:32:57 +02:00
Nick Pope
cc1f2c6a19
Refs #29887 -- Simplified memcached client instantiation.
2020-09-01 10:51:00 +02:00
Carlton Gibson
7a60670b78
Added stub release notes for 3.1.2.
2020-09-01 10:45:12 +02:00
Carlton Gibson
976e2b7420
Added release date for 3.1.1, 3.0.10, and 2.2.16.
2020-09-01 09:56:42 +02:00
Mariusz Felisiak
1853724aca
Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
2020-09-01 09:17:23 +02:00
Mariusz Felisiak
8d7271578d
Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
...
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
007gzs
2bc38bc7ca
Fixed #31901 -- Prevented content overflowing in the admin changelist with navigation sidebar.
2020-09-01 07:51:22 +02:00
Abdullah Dursun
fcad0b1324
Corrected note about long names in search docs.
2020-08-31 22:36:25 +02:00
Hasan Ramezani
70731fc6fe
Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers.
2020-08-31 10:57:41 +02:00
Federico Jaramillo Martínez
179d9dc0c2
Fixed #31952 -- Fixed EmptyFieldListFilter crash with reverse relationships.
...
Thanks dacotagh for the report.
2020-08-31 09:28:05 +02:00
Simon Charette
f6405c0b8e
Fixed #31965 -- Adjusted multi-table fast-deletion on MySQL/MariaDB.
...
The optimization introduced in 7acef095d7
did not properly handle
deletion involving filters against aggregate annotations.
It initially was surfaced by a MariaDB test failure but misattributed
to an undocumented change in behavior that resulted in the systemic
generation of poorly performing database queries in 5b83bae031
.
Thanks Anton Plotkin for the report.
Refs #23576 .
2020-08-31 08:11:28 +02:00
Simon Charette
38fce49c82
Fixed #31919 -- Resolved output_field of IntegerField subclasses combinations.
2020-08-31 06:42:40 +02:00
Simon Charette
40894f2967
Refs #30446 -- Added tests for resolving output_field of CombinedExpression.
2020-08-31 06:40:39 +02:00
Mariusz Felisiak
0be51d2226
Fixed #31956 -- Fixed crash of ordering by JSONField with a custom decoder on PostgreSQL.
...
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.
2020-08-28 19:09:46 +02:00
Mariusz Felisiak
2210539142
Refs #31956 -- Added test for ordering by JSONField with a custom decoder.
2020-08-28 19:09:41 +02:00
Koen De Wit
4c0b4720b0
Fixed #31954 -- Fixed migration optimization for MTI model creation with parent model with mixed case app label.
2020-08-28 13:35:13 +02:00
Kevin Michel
225261b701
Refs #31928 -- Added various middlewares tests for detecting when get_response is coroutine.
2020-08-28 12:33:29 +02:00
Kevin Michel
825ce75fae
Fixed #31928 -- Fixed detecting an async get_response in various middlewares.
...
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.
This made the middlewares not properly present as coroutine and
confused the middleware chain when used in a fully async context.
Thanks Kordian Kowalski for the report.
2020-08-28 12:33:15 +02:00
Kevin Michel
ea57a2834f
Refs #31928 -- Made SessionMiddleware call super().__init__().
2020-08-28 12:33:15 +02:00
Kevin Michel
68d7cf4054
Refs #26601 -- Added various middlewares tests for deprecation of passing None as get_response.
2020-08-28 12:33:15 +02:00
Kevin Michel
abbdd3a622
Added tests for cache middlewares constructors.
2020-08-28 10:00:39 +02:00
Mariusz Felisiak
e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator.
...
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.
Thanks tytusd and leonyxz for reports.
Regression in edeec1247e
and
26554cf5d1
.
2020-08-28 05:57:36 +02:00
Phil Gyford
e02738bf55
Refs #31913 -- Corrected comment in PasswordResetTokenGenerator.
...
Follow up to da4923ea87
.
2020-08-27 12:57:16 +02:00
Alexander
20d38fd759
Fixed #31947 -- Made QuerySet.update_or_create() reuse get_or_create().
2020-08-27 11:46:47 +02:00
Mariusz Felisiak
1251772cb8
Fixed #31936 -- Fixed __in lookup on key transforms for JSONField.
...
This resolves an issue on databases without a native JSONField
(MariaDB, MySQL, SQLite, Oracle), where values must be wrapped.
Thanks Sébastien Pattyn for the report.
2020-08-26 22:13:37 +02:00
Jeremy Lainé
9c92924cd5
Fixed #31942 -- Made settings cleansing work with dictionary settings with non-string keys.
2020-08-26 11:59:37 +02:00
Kaustubh
b9be11d442
Fixed #31918 -- Allowed QuerySet.in_bulk() to fetch on a single distinct field.
2020-08-26 09:43:39 +02:00
Michael Galler
547a07fa7e
Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-08-26 07:13:49 +02:00
Mariusz Felisiak
0b0658111c
Removed trailing whitespace in 3.2 release notes.
2020-08-25 10:02:56 +02:00
Cleiton de Lima
9f8c7d2b4b
Moved CreateExtension release notes into django.contrib.postgres section.
2020-08-25 06:13:19 +02:00
Tim Graham
ea880ec233
Fixed #24533 -- Dropped PostgreSQL sequence and Oracle identity when migrating away from AutoField.
2020-08-24 14:32:07 +02:00
Nick Pope
b312421511
Refs #30897 -- Added test for WAL option to Queryset.explain() on PostgreSQL 13+.
2020-08-24 11:47:38 +02:00
Mariusz Felisiak
bb8f66934d
Fixed #31877 -- Reverted "Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context."
...
This reverts commit 4ed534758c
.
2020-08-24 11:37:59 +02:00
Mariusz Felisiak
04e87e79a0
Refs #31877 -- Reverted "Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning."
...
This reverts commit 20799cc0a6
.
2020-08-24 11:37:59 +02:00
Nick Pope
b5acb9db75
Fixed #31907 -- Fixed missing validate_key() calls in cache backends.
2020-08-24 09:41:21 +02:00
Nick Pope
9e04b242ee
Refs #31907 -- Added cache key validation tests for cache operations.
2020-08-24 09:33:55 +02:00
Tim Graham
7ca42974ee
Added assertions for the results of migrating an integer pk to AutoField.
2020-08-24 06:45:48 +02:00
Kaustubh
3e753d3de3
Fixed #31925 -- Fixed typo in docs/releases/3.0.txt.
2020-08-21 09:47:37 +02:00
Ninad Kulkarni
927bd888dd
Fixed #31906 -- Fixed typo in docs/ref/forms/fields.txt.
2020-08-21 08:14:07 +02:00
Juan Pedro Fisanotti
41725602af
Improved wording in async views docs.
2020-08-20 09:06:50 +02:00
Nick Pope
e2013b260a
Refs #29887 , #27480 -- Moved touch() to BaseMemcachedCache.
2020-08-20 09:00:21 +02:00
Nick Pope
0cb0d59b23
Fixed comments related to nonexistent keys for incr()/decr() in memcached backends.
2020-08-20 08:58:50 +02:00
Enderson Menezes
67e4a9a4b9
Fixed #31909 -- Fixed typo in docs/ref/contrib/admin/index.txt.
2020-08-20 07:34:03 +02:00
Mariusz Felisiak
4376c2c7f8
Fixed #31895 -- Fixed crash when decoding invalid session data.
...
Thanks Matt Hegarty for the report.
Regression in d4fff711d4
.
2020-08-19 12:06:00 +02:00
Maxim Petrov
bf6d07730c
Fixed #31902 -- Fixed crash of ExclusionConstraint on expressions with params.
2020-08-19 06:43:54 +02:00
David Smith
e2e34f4de3
Fixed #27679 -- Doc'd that empty formsets display extra + min_num forms.
2020-08-18 22:56:39 +02:00
Mariusz Felisiak
35b03788b0
Refs #9061 -- Allowed GenericInlineFormSet to disable deleting extra forms.
...
Follow up to 162765d6c3
.
2020-08-18 09:37:15 +02:00
Mariusz Felisiak
3254991762
Refs #20347 -- Allowed customizing the maximum number of instantiated forms in generic_inlineformset_factory().
...
Follow up to 433dd737f9
.
2020-08-18 09:37:15 +02:00
Mariusz Felisiak
13704b057d
Refs #17642 -- Doc'd min_num and validate_min arguments in modelformset_factory() docs.
...
Changed arguments ordering to match the modelformset_factory()
signature.
2020-08-18 09:30:31 +02:00
Mariusz Felisiak
d534b5734f
Fixed typo in docs/ref/django-admin.txt.
2020-08-18 06:28:30 +02:00