Commit Graph

4261 Commits

Author SHA1 Message Date
Ryuji Tsutsui b8c0b22f2f
Fixed typo in docs/releases/4.0.txt. 2021-11-24 17:38:35 +01:00
Simon Charette aec71aaa5b Fixed #33304 -- Allowed passing string expressions to Window(order_by). 2021-11-23 07:58:44 +01:00
Baptiste Mispelon e6e664a711 Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
jhisham 5e218cc0b7 Added Malay language. 2021-11-18 20:57:50 +01:00
Krzysztof Jagiello 8d9827c06c Fixed #33161 -- Enabled durability check for nested atomic blocks in TestCase.
Co-Authored-By: Adam Johnson <me@adamj.eu>
2021-11-12 13:05:56 +01:00
Mariusz Felisiak 0b95a96ee1
Removed DatabaseIntrospection.get_key_columns().
Thanks Simon Charette for the report.
2021-11-10 16:38:43 +01:00
Baptiste Mispelon 91acfc3514 Fixed #33264 -- Made test runner return non-zero error code for unexpected successes. 2021-11-08 20:19:21 +01:00
Keryn Knight 4f8c7fd9d9 Fixed #32980 -- Made models cache related managers. 2021-11-08 08:44:12 +01:00
Mariusz Felisiak ba9ced3e9a
Fixed #33253 -- Reverted "Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage."
This reverts commit 91e21836f6.

`export` and `import` directives have several syntax variants and not
all of them were properly covered.

Thanks Hervé Le Roy for the report.
2021-11-05 12:11:18 +01:00
Carlton Gibson 2c01ebb4be Refs #33263 -- Expanded release notes for DeleteView adopting FormMixin. 2021-11-05 09:22:53 +01:00
Guilherme Martins Crocetti fc565cb539 Fixed #27147 -- Allowed specifying bounds of tuple inputs for non-discrete range fields. 2021-11-04 19:08:57 +01:00
Mariusz Felisiak 60503cc747
Corrected multiply defined labels in docs. 2021-11-04 10:46:01 +01:00
Mariusz Felisiak d811fa1d10 Added stub release notes for Django 3.2.10. 2021-11-01 10:41:06 +01:00
Mariusz Felisiak 7ec603ba25 Added release date for 3.2.9. 2021-11-01 10:18:49 +01:00
Chinmoy 073b7b5915
Fixed #33228 -- Changed value of BaseDatabaseFeatures.has_case_insensitive_like to False. 2021-10-28 17:56:29 +02:00
Matteo Vitali 3f1f8b9376 Fixed #33182 -- Moved admin dark mode vars to separate stylesheet and template block. 2021-10-27 10:34:01 +02:00
David Smith 480191244d Fixed #25916 -- Added lastmod support to sitemap index view.
Co-authored-by: Matthew Downey <matthew.downey@webit.com.au>
2021-10-21 15:26:22 +02:00
David Smith 69b0736fad Refs #32956 -- Changed docs to treat the acronym HTTP phonetically. 2021-10-18 21:00:28 +02:00
Hannes Ljungberg 86971c4090 Fixed #33194 -- Fixed migrations when altering a field with functional indexes/unique constraints on SQLite.
This adjusts Expressions.rename_table_references() to only update alias
when needed.

Regression in 83fcfc9ec8.

Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2021-10-18 08:25:23 +02:00
Jacob Walls 32f1fe5f89 Fixed #29470 -- Logged makemigrations automatic decisions in non-interactive mode. 2021-10-12 15:19:39 +02:00
Mariusz Felisiak 604df4e0ad
Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x. 2021-10-05 13:30:41 +02:00
Carlton Gibson c113f7fb0d Added stub release notes for Django 3.2.9. 2021-10-05 09:39:20 +02:00
Carlton Gibson c5776bfca9 Added release date for 3.2.7. 2021-10-05 09:07:26 +02:00
Nick Pope c2f6c05c4c Refs #32943 -- Added support for covering exclusion constraints using SP-GiST indexes on PostgreSQL 14+. 2021-10-01 13:11:37 +02:00
Nick Pope e76f9d5b44 Refs #32943 -- Added support for covering SP-GiST indexes on PostgreSQL 14+. 2021-10-01 13:11:34 +02:00
Nick Pope bd47b9bc81 Fixed #32961 -- Added BitXor() aggregate to django.contrib.postgres. 2021-10-01 10:32:39 +02:00
David Wobrock ad36a198a1 Fixed #33141 -- Renamed Expression.empty_aggregate_value to empty_result_set_value. 2021-09-29 12:58:01 +02:00
Claude Paroz 4ffada3609 Fixed #33136 -- Added GEOSGeometry.make_valid() method. 2021-09-27 09:58:28 +02:00
Jero Bado 3f2170f720 Fixed typo in 4.0 release notes. 2021-09-22 15:17:01 +02:00
Mariusz Felisiak 221b2f85fe
Fixed #33129 -- Dropped support for MariaDB 10.2. 2021-09-22 11:57:54 +02:00
Carlton Gibson b0ed619303
Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom.
Thanks Benjamin Locher for the report.

Regression in 30e59705fc.
2021-09-21 19:58:00 +02:00
Mariusz Felisiak 32b7ffc2bb Increased the default PBKDF2 iterations for Django 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak 737fa72ae3 Refs #32191 -- Removed for the pre-Django 3.2 format of messages in CookieStorage.
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak 05f3a6186e Refs #32193 -- Removed MemcachedCache per deprecation timeline. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak e2be307b3a Refs #31235 -- Made assertQuerysetEqual() not call repr() on a queryset when compared to string values.
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak 75d6c4ae6d Refs #31180 -- Removed default_app_config application configuration variable per deprecation timeline. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak d25710a625 Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak 1cb495074f Refs #31546 -- Removed support for boolean values in Command.requires_system_checks.
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak 2e10abeb7f Refs #31395 -- Removed support for assigning objects which don't support deepcopy() in setUpTestData().
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak 810bca5a1a Added stub release notes for 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak 32f052be0a Made cosmetic edits to docs/releases/4.0.txt. 2021-09-20 20:50:07 +02:00
Mariusz Felisiak 01042c46f0 Removed empty sections from 4.0 release notes. 2021-09-20 20:07:23 +02:00
David Smith 456466d932 Fixed #31026 -- Switched form rendering to template engine.
Thanks Carlton Gibson, Keryn Knight, Mariusz Felisiak, and Nick Pope
for reviews.

Co-authored-by: Johannes Hoppe <info@johanneshoppe.com>
2021-09-20 15:50:18 +02:00
Mariusz Felisiak ef4ef3b8f5
Fixed #32504 -- Updated admin's jQuery to 3.6.0. 2021-09-20 06:54:35 +02:00
Ken Whitesell 0a9aa02e6f Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site. 2021-09-18 12:27:28 +02:00
Nikita Marchant 4e4082f939 Fixed #32492 -- Added TrigramWordSimilarity() and TrigramWordDistance() on PostgreSQL. 2021-09-17 13:05:15 +02:00
Giannis Adamopoulos 4555aa0a48 Fixed #27674 -- Deprecated GeoModelAdmin and OSMGeoAdmin.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-17 08:56:16 +02:00
Carlton Gibson 306607d5b9 Fixed #32365 -- Made zoneinfo the default timezone implementation.
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick
Pope, and Paul Ganssle for reviews.
2021-09-16 12:11:05 +02:00
Daniyal ec212c6616 Fixed #33012 -- Added Redis cache backend.
Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight,
Mariusz Felisiak, and Nick Pope for reviews and mentoring this
Google Summer of Code 2021 project.
2021-09-14 15:50:08 +02:00
Claude Paroz 676bd084f2 Fixed #32873 -- Deprecated settings.USE_L10N.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-14 12:05:43 +02:00
Siburg 46c8df640c Fixed #32219 -- Made InlineModelAdmin.verbose_name_plural fallback to its verbose_name. 2021-09-08 13:20:13 +02:00
Mariusz Felisiak 4a43335d30
Fixed #30086, Refs #32873 -- Made floatformat template filter independent of USE_L10N. 2021-09-08 08:37:27 +02:00
Andrew-Chen-Wang 301a85a12f Fixed #32076 -- Added async methods to BaseCache.
This also makes DummyCache async-compatible.
2021-09-07 20:14:25 +02:00
sage 84c7c4a477 Fixed #32309 -- Added --exclude option to startapp/startproject management commands. 2021-09-01 12:08:02 +02:00
Mariusz Felisiak af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Mariusz Felisiak f3a0dc5b2a Added release date for 3.2.7. 2021-09-01 07:40:01 +02:00
Jan Szoja b667ac24ea Fixed #25264 -- Allowed suppressing base command options in --help output.
This also suppresses -verbosity and --trackback options in the
runserver's help.
2021-08-31 11:04:02 +02:00
Carlton Gibson cbba49971b Fixed #32992 -- Restored offset extraction for fixed offset timezones.
Regression in 10d1261984.
2021-08-30 10:12:46 +02:00
Eugene Morozov d89f976bdd Fixed #33054 -- Made TestCase.captureOnCommitCallbacks() capture callbacks recursively. 2021-08-30 07:06:22 +02:00
David Smith 5942ab5eb1 Refs #32338 -- Made RadioSelect/CheckboxSelectMultiple render in <div> tags.
This improves accessibility for screen reader users.
2021-08-27 06:14:01 +02:00
Chris Jerdonek b263f4b69d Fixed #32552 -- Added logger argument to DiscoverRunner. 2021-08-24 09:23:01 +02:00
Chris Jerdonek 7800596924 Fixed #33014 -- Made ProjectState raise exception when real_apps argument is not a set. 2021-08-19 10:18:51 +02:00
Andrew Northall c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
Jarosław Wygoda d3c4696596 Fixed #27590 -- Allowed customizing a manifest file storage in ManifestFilesMixin. 2021-08-05 12:40:34 +02:00
Chris Jerdonek 4fe3774c72 Refs #32986 -- Moved TRANSLATOR_COMMENT_MARK to django.utils.translation.template. 2021-08-05 06:11:40 +02:00
Ties Jan Hefting 4f3acf9579 Fixed #32984 -- Allowed customizing a deletion field widget in formsets. 2021-08-03 13:12:50 +02:00
Adam Johnson ae89daf46f Fixed #31621 -- Added support for '--parallel auto' to test management command. 2021-08-03 09:57:04 +02:00
Carlton Gibson 947bdec60c Added stub release notes for Django 3.2.7. 2021-08-02 08:41:29 +02:00
Carlton Gibson 74a86e9b5e Confirmed release date for Django 3.2.6. 2021-08-02 06:55:40 +02:00
David Smith fbb1984046
Refs #32956 -- Updated words ending in -wards.
AP styleguide: Virtually none of the words ending with -wards end with
an s.
2021-07-30 20:34:50 +02:00
Chris Jerdonek 7c30bdbdb1 Refs #32916 -- Replaced request.csrf_cookie_needs_reset with request.META['CSRF_COOKIE_NEEDS_UPDATE']. 2021-07-29 11:55:36 +02:00
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Keryn Knight 5b8ef8aa5b Refs #32946 -- Changed Query.add_filter() to take two arguments. 2021-07-28 09:38:42 +02:00
David Smith 1cba320786
Refs #32956 -- Changed "afterwards" to "afterward" in docs and comments.
This also removes unnecessary comments with the previous spelling.

AP Stylebook has a short entry to advise the preferred spelling for
"en-us". "Afterwards" is preferred in British English.
2021-07-27 10:41:51 +02:00
Tom Wojcik 20226fcd46 Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list.
Regression in c32d8f33d8.
2021-07-26 06:09:29 +02:00
ryowright 1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
Nick Pope c35b81b864 Fixed #32951 -- Removed Query.where_class & co.
Unused since 3caf957ed5.
2021-07-22 08:49:20 +02:00
Carlton Gibson 012f38f959 Refs #32949 -- Adjusted release note wording. 2021-07-21 11:34:47 +02:00
yakimka c542d0a072 Fixed #32949 -- Restored invalid number handling in DecimalField.validate().
DecimalField must itself validate() values, such as NaN, which cannot be
passed to validators, such as MaxValueValidator, during the
run_validators() phase.

Regression in cc3d24d7d5.
2021-07-21 10:20:24 +02:00
Nick Pope fee8734596 Refs #10929 -- Deprecated forced empty result value for PostgreSQL aggregates.
This deprecates forcing a return value for ArrayAgg, JSONBAgg, and
StringAgg when there are no rows in the query. Now that we have a
``default`` argument for aggregates, we want to revert to returning the
default of ``None`` which most aggregate functions return and leave it
up to the user to decide what they want to be returned by default.
2021-07-19 13:41:16 +02:00
Nick Pope 501a8db465 Fixed #10929 -- Added default argument to aggregates.
Thanks to Simon Charette and Adam Johnson for the reviews.
2021-07-19 13:04:27 +02:00
Jacob Walls 56f9579105 Fixed #32655 -- Deprecated extra_tests argument for DiscoverRunner.build_suite()/run_tests(). 2021-07-16 20:46:41 +02:00
Jacob Walls 00c724f2f2
Fixed typo in docs/releases/3.1.13.txt. 2021-07-16 20:30:21 +02:00
Ties Jan Hefting 84400d2e9d Fixed #32905 -- Added CSS class for non-form errors of formsets. 2021-07-15 07:00:39 +02:00
Carlton Gibson 3a45fea083 Fixed #21936 -- Allowed DeleteView to work with custom Forms and SuccessMessageMixin.
Thanks to Mariusz Felisiak for review.

Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: Caroline Simpson <github@hoojiboo.com>
2021-07-14 09:47:03 +02:00
Ian Foote f42ccdd835 Fixed #27021 -- Allowed lookup expressions in annotations, aggregations, and QuerySet.filter().
Thanks Hannes Ljungberg and Simon Charette for reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-09 11:43:06 +02:00
Chris Jerdonek 90ba716bf0 Fixed #24522 -- Added a --shuffle option to DiscoverRunner. 2021-07-08 07:29:04 +02:00
Mariusz Felisiak 77b88fe621
Fixed #32908 -- Allowed select_for_update(skip_locked) on MariaDB 10.6+. 2021-07-08 06:51:10 +02:00
Hannes Ljungberg a06b977a91 Fixed #32776 -- Added support for Array subqueries on PostgreSQL. 2021-07-06 07:36:52 +02:00
Nick Pope fa35c8bdbc
Fixed #30934 -- Included database alias in django.db.backends log messages.
This is useful when working with database routing as you want to know
where each query is being executed.

Co-authored-by: David Winterbottom <david.winterbottom@gmail.com>
2021-07-02 15:36:53 +02:00
Simon Charette 9f3cce172f Refs #26430 -- Re-introduced empty aggregation optimization.
The introduction of the Expression.empty_aggregate_value interface
allows the compilation stage to enable the EmptyResultSet optimization
if all the aggregates expressions implement it.

This also removes unnecessary RegrCount/Count.convert_value() methods.
Disabling the empty result set aggregation optimization when it wasn't
appropriate prevented None returned for a Count aggregation value.

Thanks Nick Pope for the review.
2021-07-02 07:25:42 +02:00
Mariusz Felisiak 8feb2a49fa Added CVE-2021-35042 to security archive. 2021-07-01 09:57:08 +02:00
Mariusz Felisiak bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak dae83a2451 Forwardported release notes for CVE-2021-35042. 2021-07-01 09:42:54 +02:00
Mariusz Felisiak 8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
abhiabhi94 cd124295d8 Fixed #32381 -- Made QuerySet.bulk_update() return the number of objects updated.
Co-authored-by: Diego Lima <diego.lima@lais.huol.ufrn.br>
2021-06-29 06:58:46 +02:00
Claude Paroz 495083e3e1 Updated translations from Transifex.
Forwardport of 04b744050f from stable/3.2.x.
2021-06-28 07:08:39 +02:00
Peter Inglesby 1bbb98d9a4 Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell
By default, this means that readline is properly registered, so that
.python_history is used.

sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-23 14:53:41 +02:00
Hasan Ramezani 7a9745fed4 Fixed #32863 -- Skipped system check for specifying type of auto-created primary keys on models with invalid app_label.
Regression in b5e12d490a.

Thanks Iuri de Silvio for the report.
2021-06-22 20:47:15 +02:00
Keryn Knight 854e9b0668 Fixed #32824 -- Improved performance of NodeList.render().
This avoids the following:
 - checking that each item in the nodelist is a subclass of Node,
 - calling str() on the render_annotated() output, because it's
   documented that Node.render() must return a string,
 - calling mark_safe() on the output, when the value to be wrapped is
   definitively known to be a string because the result of ''.join()
   is always of that type,
 - using an intermediate list to store each individual string.
2021-06-11 12:22:06 +02:00
Mariusz Felisiak fa0433d05f Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+.
Regression in d4ac23bee1.

Thanks Omkar Deshpande for the report.
2021-06-10 20:03:43 +02:00
Mariusz Felisiak 57bc16b38e Refs #32503 -- Added release notes for 5e04e84d67. 2021-06-10 20:03:43 +02:00
Sanskar Jaiswal 8c3bd0b708 Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL. 2021-06-08 07:46:51 +02:00
Takayuki Hirayama 0393b9262d Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
Regression in 981a072dd4.

Thanks pirelle for the report.
2021-06-04 07:23:16 +02:00
Mariusz Felisiak d9cee3f5f2 Fixed docs header underlines in security archive. 2021-06-02 12:16:38 +02:00
Carlton Gibson ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson a39f235ca4 Added CVE-2021-33203 and CVE-2021-33571 to security archive. 2021-06-02 11:15:54 +02:00
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner 46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Carlton Gibson f66ae7a2d5 Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-06-02 10:19:19 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization.
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Gildardo Adrian Maravilla Jacome 91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
David Wobrock b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
Mohammadreza Varasteh e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Nick Pope e513fb0e77 Fixed typo in MiddlewareMixin deprecation note. 2021-05-27 06:17:30 +02:00
Mariusz Felisiak 12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani 1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Carlton Gibson b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Hasan Ramezani 68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Rohith PR 7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Mariusz Felisiak 66491f08fe
Changed IRC references to Libera.Chat. 2021-05-20 12:23:36 +02:00
David Sanders 736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
Carlton Gibson c2e6047c72 Fixed #32740 -- Caught possible exception when initializing colorama. 2021-05-19 10:33:15 +02:00
Claude Paroz 8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak 958cdf65ae Fixed #32747 -- Prevented initialization of unused caches.
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
Regression in b5e12d490a.
2021-05-18 13:02:33 +02:00
Slava Skvortsov f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
Regression in ba31b01034.
2021-05-18 09:14:05 +02:00
Nick Pope c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Nick Pope 7c4ee487c7 Refs #32720 -- Fixed some broken links in docs. 2021-05-17 09:22:17 +02:00
Nick Pope 1c3bbcf802 Refs #32720 -- Used full hashes in security archive. 2021-05-17 08:27:46 +02:00
Mariusz Felisiak df5c96299a Corrected commit hashes for security patches. 2021-05-17 08:26:06 +02:00
Nick Pope 8c4caee76a Refs #32720 -- Used :commit: and :source: role in old release notes. 2021-05-17 07:36:57 +02:00
Mariusz Felisiak 820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Simon Charette b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso 3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
Nick Pope 29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00
Nick Pope 1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Mariusz Felisiak d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:01 +02:00
Jordi Castells 205c36b58f Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. 2021-05-07 20:03:46 +02:00
Hasan Ramezani 028f10fac6 Fixed #32712 -- Deprecated django.utils.baseconv module. 2021-05-07 11:57:40 +02:00
Mariusz Felisiak 29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak efebcc429f Added CVE-2021-32052 to security archive. 2021-05-06 09:58:24 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Simon Charette 96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Carlton Gibson 62b2e8b37e Added commits for CVE-2021-31542 to security archive. 2021-05-04 11:09:21 +02:00
Carlton Gibson 607ebbfba9 Added CVE-2021-31542 to security archive. 2021-05-04 11:06:07 +02:00
Carlton Gibson 5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Hasan Ramezani 8bcb00858e Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri(). 2021-04-30 08:05:42 +02:00
Carlton Gibson 907d3a7ff4 Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated. 2021-04-29 13:53:56 +02:00
Mariusz Felisiak baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
Follow up to 1871182031.
2021-04-29 12:04:30 +02:00
David Wobrock 4ab3ef238e Fixed #32675 -- Doc'd that autodector changes might cause generation of no-op migrations.
Follow up to aa4acc164d.
2021-04-29 07:46:22 +02:00
Simon Charette c8b6594305 Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction.
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.
2021-04-28 12:13:55 +02:00
Konstantin Alekseev 6e742dabc9 Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
Regression in bbe6fbb876.
2021-04-27 10:43:35 +02:00
Mariusz Felisiak 1871182031 Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a1
revealed a possible data loss issue in the admin.
2021-04-27 10:34:47 +02:00
Zain Patel 4e5bbb6ef2 Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
Regression in 84609b3205.
2021-04-26 07:08:16 +02:00
Simon Charette 6d0cbe42c3 Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9 but
sql.Query.combine never properly handled subqueries outer refs in the
first place, see QuerySetBitwiseOperationTests.test_subquery_aliases()
(refs #27149).

Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
Mariusz Felisiak 34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
Thanks Jared Lockhart for the report.

Regression in c36075ac1d.
2021-04-21 09:41:37 +02:00
Carlton Gibson 5c73fbb6a9 Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
Regression in 30e59705fc.
2021-04-21 08:31:06 +02:00
Tobias Bengfort 54e94640ac Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite. 2021-04-20 11:44:41 +02:00
Florian Apolloner 4511d14598 Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
Thanks Jan Pieter Waagmeester for the report.

Regression in 2d6179c819.
2021-04-14 22:52:59 +02:00
Mariusz Felisiak ca98729055
Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
Thanks Matt Westcott for the report.

Regression in 779e615e36.
2021-04-14 21:11:17 +02:00
Mariusz Felisiak 338eb65b6e Refs #32548 -- Forwardported 3.2.1 release note. 2021-04-14 20:25:58 +02:00
Arthur Jovart 08c60cce3b Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template. 2021-04-14 16:50:47 +02:00
Mariusz Felisiak 23fa29f6a6
Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes.
Thanks Dlis for the report.

Regression in 26a413507a.
2021-04-14 12:23:47 +02:00
Hasan Ramezani a77c9a4229 Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition.
Regression in b7b7df5fbc.

Thanks Szymon Zmilczak for the report.
2021-04-14 10:06:18 +02:00
Mariusz Felisiak 3b8527e32b
Fixed #32637 -- Restored exception message on technical 404 debug page.
Thanks Atul Varma for the report.
2021-04-13 09:15:04 +02:00
Iuri de Silvio 9760e262f8 Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns. 2021-04-12 21:11:40 +02:00
Adam Johnson 45a58c31e6 Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD. 2021-04-08 13:17:08 +02:00
Claude Paroz 30e123ed35 Fixed #32575 -- Added support for SpatiaLite 5. 2021-04-08 09:36:29 +02:00
Claude Paroz 3ae4344bbd Dropped support for GEOS 3.5 and GDAL 2.0. 2021-04-07 20:39:30 +02:00
girishsontakke 98abc0c90e Fixed #32501 -- Added support for returning fields from INSERT statements on SQLite 3.35+. 2021-04-07 20:09:56 +02:00
Carlton Gibson 3f2920ae1d Corrected release number format in 3.2.1 release notes. 2021-04-07 19:44:29 +02:00
Claude Paroz e3cfba0029 Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9. 2021-04-07 15:54:24 +02:00
Carlton Gibson 5b05a45c62
Corrected wrapping in 3.2 release notes.
Partially reverts 0802b404a2.
2021-04-07 07:27:31 +02:00
Carlton Gibson df0a9e6d5c Added stub release notes for Django 3.2.1. 2021-04-06 11:49:48 +02:00
Carlton Gibson 0802b404a2 Added release date for Django 3.2.
Adjusted wrapping in release notes where needed.
2021-04-06 11:20:59 +02:00
Carlton Gibson 5aea50e57f Updated asgiref dependency for 3.2 release series. 2021-04-06 10:38:43 +02:00
Mariusz Felisiak 1eac8468cb Added CVE-2021-28658 to security archive. 2021-04-06 09:42:31 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Adam Johnson e32722d160 Fixed #32383 -- Added source map support to ManifestStaticFilesStorage. 2021-04-02 12:21:21 +02:00
Maxim Milovanov d915dd1c58 Fixed #32204 -- Added quick filter to admin's navigation sidebar. 2021-03-31 09:31:37 +02:00
William Schwartz 7248afe12f Refs #32105 -- Moved ExceptionReporter template paths to properties.
Refs #32316.
2021-03-31 08:41:57 +02:00
bankc db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Chris Jerdonek 038940cf55 Fixed #29127 -- Prevented DiscoverRunner from hiding tagged test with syntax errors.
This mades _FailedTest objects always match tags in DiscoverRunner.
2021-03-30 10:26:20 +02:00
Nick Pope 2f13c476ab Fixed #31487 -- Added precision argument to Round(). 2021-03-29 09:43:08 +02:00
Florian Demmer 3a185cee2a Fixed #32573 -- Fixed bounds in __iso_year lookup optimization. 2021-03-23 21:27:55 +01:00
Baptiste Mispelon 41e6b2a3c5 Fixed #32556 -- Fixed handling empty string as non-boolean attributes value by assertHTMLEqual(). 2021-03-19 20:41:57 +01:00
Daniyal 474cc420bf Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
Tim Graham 2411b8b5eb Fixed #16010 -- Added Origin header checking to CSRF middleware.
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
Tim Graham dba44a7a7a Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. 2021-03-18 20:00:22 +01:00
Adam Johnson f6713cda89 Fixed #31370 -- Added support for parallel tests with --buffer. 2021-03-18 15:30:47 +01:00
Adam Johnson 45814af619 Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error. 2021-03-17 20:56:09 +01:00
Chris Jerdonek d828beb68f Fixed #32529 -- Delayed creating a test suite in build_suite(). 2021-03-11 10:02:06 +01:00
Mariusz Felisiak ba9a2b7544
Refs #32508 -- Raised TypeError instead of using "assert" on unsupported operations for sliced querysets. 2021-03-10 09:16:28 +01:00
Johan Schiff d01709aae2 Fixed #24141 -- Added QuerySet.contains(). 2021-03-06 20:40:29 +01:00