8747052411
Added CVE-2021-44420 to security archive.
2021-12-07 08:51:26 +01:00
d4dcd5b9dd
Fixed #30530 , CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
...
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
2021-12-07 06:28:08 +01:00
628b6a6869
Updated translations from Transifex.
...
This also fixes related i18n tests.
Forwardport of 4c5215ab03
2021-12-06 20:31:03 +01:00
1eaf38fa87
Fixed #33335 -- Made model validation ignore functional unique constraints.
...
Regression in 3aa545281e
2021-12-06 07:59:11 +01:00
d3a64bea51
Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle.
...
Grouping by LOBs is not allowed on Oracle. This moves a binary field to
a separate model.
2021-12-04 15:55:03 +01:00
d3f4c2b95d
Fixed #33078 -- Added support for language regions in i18n_patterns().
2021-12-03 12:57:06 +01:00
4f7bbc6138
Refs #33078 -- Added extra assertions to MiscTests.test_get_language_from_path_real().
2021-12-03 12:03:30 +01:00
2c7846d992
Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
...
This makes models.BinaryField pickleable on PostgreSQL.
Regression in 3cf80d3fcf
2021-12-03 11:56:22 +01:00
9c1fe446b6
Fixed #33339 -- Made QuerySet.bulk_create() use TO_NCLOB() for TextFields on Oracle.
2021-12-03 07:39:20 +01:00
97e9a84d27
Removed unused country argument from GeoIP2._check_query().
...
Unused since its introduction in 79e68c225b
2021-12-02 11:30:42 +01:00
7d5058d870
Removed redundant GeoIP2._check_query() calls.
2021-12-02 11:30:42 +01:00
adcb3a7a27
Removed unused GeoIP2._cache attribute.
...
Unused since its introduction in 79e68c225b
2021-12-02 11:30:32 +01:00
31bef51d8e
Moved unnecessary inner import in GeoIP2.geos().
2021-12-02 11:27:33 +01:00
5def7f3f74
Updated various links to HTTPS and new locations.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-02 11:27:29 +01:00
d75c387f46
Fixed #33334 -- Alphabetized form and model fields in reference docs.
2021-12-02 08:33:26 +01:00
e5a92d400a
Fixed #33282 -- Fixed a crash when OR'ing subquery and aggregation lookups.
...
As a QuerySet resolves to Query the outer column references grouping logic
should be defined on the latter and proxied from Subquery for the cases where
get_group_by_cols is called on unresolved expressions.
Thanks Antonio Terceiro for the report and initial patch.
2021-12-02 07:23:33 +01:00
e3bde71676
Refs #32690 -- Altered lookups Query rhs alterations during initialization.
...
Having it happen at the lookup creation time ensures entry points
called before the compilation phase (e.g. get_group_by_cols) don't have
to duplicate the logic in charge of altering Query instances used as
rhs.
It also has the nice effect of reducing the amount of time the
alteration logic to once as opposed to multiple times if the queryset
is compiled more than once.
2021-12-02 07:00:52 +01:00
4ce59f602e
Fixed #30398 -- Added CONN_HEALTH_CHECKS database setting.
...
The CONN_HEALTH_CHECKS setting can be used to enable database
connection health checks for Django's persistent DB connections.
Thanks Florian Apolloner for reviews.
2021-12-01 07:44:48 +01:00
64c3f049ea
Fixed #33047 -- Fixed CheckConstraint crash with GIS lookups on PostGIS and MySQL GIS backends.
...
Thanks Daniel Swain for the report and Arsalan Ghassemi for the initial
patch.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-30 20:06:29 +01:00
ae4077e13e
Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
2021-11-30 11:25:00 +01:00
322a1a037d
Refs #25706 - Removed inline JavaScript from OpenLayers template.
...
This allows setting a Content-Security-Policy HTTP header.
2021-11-30 06:35:15 +01:00
3ff7f6cf07
Refs #32800 -- Renamed _sanitize_token() to _check_token_format().
2021-11-29 10:48:31 +01:00
5d80843ebc
Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.
...
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.
Thanks Florian Apolloner and Shai Berger for reviews.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-29 10:47:39 +01:00
05e29da421
Fixed #32545 -- Improved admin widget for raw_id_fields for UUIDFields.
...
Co-Authored-By: Jerome Leclanche <jerome@leclan.ch>
2021-11-29 07:16:26 +01:00
ed2018037d
Fixed #33322 -- Fixed loss of assigned related object when saving relation with bulk_update().
2021-11-29 06:27:22 +01:00
9ac92b1efc
Refs #33301 -- Made SimpleTestCase.assertFormError()/assertFormsetErrors() raise ValueError for non test client responses.
2021-11-26 13:10:43 +01:00
68144f4049
Added tests for SimpleTestCase.assertFormError()/assertFormsetErrors().
2021-11-26 12:36:25 +01:00
528691d1b6
Fixed #33301 -- Clarified the type of arguments required by custom assertions.
2021-11-26 12:03:00 +01:00
75ee7057e9
Refs #33163 -- Corrected example of connection signal handlers in AppConfig.ready().
2021-11-26 11:16:35 +01:00
24b316536a
Fixed #33303 -- Changed messages' level tags on MESSAGE_TAGS setting change.
2021-11-26 07:09:31 +01:00
9a6e2df3a8
Fixed #32397 -- Made startapp/startproject management commands set User-Agent.
...
This sets User-Agent to 'Django/<version>'.
2021-11-25 20:36:04 +01:00
e361621dbc
Removed unneeded can_use_chunked_reads feature flag on SQLite.
...
Unneeded since c0e3c65b9d
2021-11-25 20:08:46 +01:00
51c24d8799
Fixed #33024 -- Fixed height of admin selector boxes in collapsed fieldset.
...
Thanks Tom Carrick for the review.
2021-11-25 07:57:19 +01:00
b8c0b22f2f
Fixed typo in docs/releases/4.0.txt.
2021-11-24 17:38:35 +01:00
59f4796918
Fixed #4282 -- Made startapp/startproject management commands honor umask.
...
Co-authored-by: Christian Schmitt <c.schmitt@briefdomain.de>
2021-11-24 13:10:45 +01:00
1555e5850d
Removed unneeded supports_combined_alters feature flag on Oracle.
...
supports_combined_alters is False by default.
2021-11-24 10:23:43 +01:00
7f8f69fb38
Fixed #33298 -- Added docs and tests for using Q objects with get_object_or_404()/get_list_or_404().
2021-11-24 09:28:21 +01:00
ddf321479b
Removed unneeded @skipUnlessDBFeature('supports_combined_alters').
...
The test acts a regression test for 715ccfde24
2021-11-24 09:13:28 +01:00
9772eaa6c0
Fixed typo in delete test docstring.
2021-11-24 09:04:54 +01:00
98352ddf3a
Fixed #33310 -- Removed unused rule from admin CSS.
...
Unused since 30e59705fc
2021-11-23 21:14:36 +01:00
bdcda1ca9b
Fixed #33309 -- Fixed QuerySet.distinct() crash on mixed case annotation.
2021-11-23 20:43:20 +01:00
aec71aaa5b
Fixed #33304 -- Allowed passing string expressions to Window(order_by).
2021-11-23 07:58:44 +01:00
e06dc4571e
Refs #33304 -- Enclosed aggregate ordering logic in an expression.
...
This greatly simplifies the implementation of contrib.postgres'
OrderableAggMixin and allows for reuse in Window expressions.
2021-11-23 07:28:27 +01:00
a17becf4c7
Corrected signatures of QuerySet's methods.
2021-11-23 07:04:04 +01:00
8b020f2e64
Corrected isort example in coding style docs.
...
Follow up to e74b3d724e
2021-11-22 12:34:32 +01:00
e6e664a711
Fixed #33302 -- Made element_id optional argument for json_script template filter.
...
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
dd528cb2ce
Corrected "pip install" call in coding style docs.
2021-11-22 09:56:56 +01:00
a0ed3cfad1
Fixed #33305 -- Fixed autodetector crash for ForeignKey with hardcoded "to" attribute.
...
Co-authored-by: Simon Charette <charette.s@gmail.com>
2021-11-22 06:46:25 +01:00
a7e7043c87
Fixed #33229 -- Fixed BaseDatabaseOperations.adapt_datetimefield_value()/adapt_timefield_value() crash with expressions.
2021-11-19 09:47:57 +01:00
6fa2930573
Refs #24121 -- Added __repr__() to BaseDatabaseWrapper, JoinPromoter, and SQLCompiler.
2021-11-19 07:57:02 +01:00
Mariusz Felisiak
Florian Apolloner
Hannes Ljungberg
Maxim Piskunov
Georgi Yanchev
Nick Pope
Shivam Durgbuns
Simon Charette
Przemysław Suliga
Claude Paroz
Chris Jerdonek
Shubh1815
Baptiste Mispelon
Hasan Ramezani
Ad Timmering
Ryuji Tsutsui
mgaligniana
Tim Graham
Álvaro Pelegrina Fernández
arsalan.ghassemi
Paolo Melchiorre
SwastikTripathi
Jonny Park