Florian Apolloner
e1592e0f26
[4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:10:14 +01:00
Florian Apolloner
2a8ec7f546
[4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Florian Apolloner
df79ef03ac
[4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Mariusz Felisiak
b5f60ef5a7
[4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4.
psycopg2 2.8.4 is the first release to support Python 3.8.
Backport of ca04659b4b from main
2021-12-22 20:33:49 +01:00
Simon Charette
7e6a2e3b45
[4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector.
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.
This likely slipped under the radar for so long and only regressed in
b9df2b74b9 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact value settings value was never going through a
case folding hoop.
Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.
Backport of 4328970780 from main
2021-12-17 10:00:33 +01:00
Mariusz Felisiak
c1d2e8b9b8
[4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest.
Regression in 3fd82a6241.
Thanks Terence Honles for the report.
Backport of 40165eecc4 from main
2021-12-16 20:14:17 +01:00
Jeremy Lainé
3b03bce122
[4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans.
Backport of 2f33217ea2 from main
2021-12-14 08:46:16 +01:00
Baptiste Mispelon
15031852c5
[4.0.x] Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form".
Thanks OutOfFocus4 for the report.
Regression in 456466d932.
Backport of cb383753c0 from main.
2021-12-08 21:13:00 +01:00
Mariusz Felisiak
01c0fb9d19
[4.0.x] Updated asgiref dependency for 4.0 release series.
Backport of 513441240f from main
2021-12-07 09:55:18 +01:00
Florian Apolloner
20b9ad36ff
[4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
Backport of d4dcd5b9dd from main.
2021-12-07 06:29:34 +01:00
Mariusz Felisiak
4c5215ab03
[4.0.x] Updated translations from Transifex.
This also fixes related i18n tests.
Co-authored-by: Claude Paroz <claude@2xlibre.net>
2021-12-06 20:29:53 +01:00
Hannes Ljungberg
fed7f992ac
[4.0.x] Fixed #33335 -- Made model validation ignore functional unique constraints.
Regression in 3aa545281e.
Thanks Hervé Le Roy for the report.
Backport of 1eaf38fa87 from main
2021-12-06 13:28:54 +01:00
Mariusz Felisiak
7bde53a7ae
[4.0.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle.
Grouping by LOBs is not allowed on Oracle. This moves a binary field to
a separate model.
Backport of d3a64bea51 from main
2021-12-04 15:55:31 +01:00
Mariusz Felisiak
2c20883cb0
[4.0.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
This makes models.BinaryField pickleable on PostgreSQL.
Regression in 3cf80d3fcf.
Thanks Adam Zimmerman for the report.
Backport of 2c7846d992 from main.
2021-12-03 11:58:55 +01:00
Can Sarigol
d54aa49a7d
[4.0.x] Fixed #33279 -- Fixed handling time zones with "-" sign in names.
Thanks yakimka for the report.
Regression in fde9b7d35e.
Backport of 661316b066 from main.
2021-11-12 11:14:08 +01:00
Mariusz Felisiak
45de30dc69
[4.0.x] Refs #33263 -- Added warning to BaseDeleteView when delete() method is overridden.
Follow up to 3a45fea083.
Backport of 6bc437c0d8 from main
2021-11-09 09:04:12 +01:00
Mariusz Felisiak
b7b3bbc835
[4.0.x] Fixed #33253 -- Reverted "Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage."
This reverts commit 91e21836f6.
`export` and `import` directives have several syntax variants and not
all of them were properly covered.
Thanks Hervé Le Roy for the report.
Backport of ba9ced3e9a from main
2021-11-05 12:11:59 +01:00
Carlton Gibson
499384b6d1
[4.0.x] Fixed #33237 -- Fixed detecting source maps in ManifestStaticFilesStorage for multiline files.
Switched regex to multiline mode in order to match per-line, rather
than against the whole file.
Thanks to Joseph Abrahams for the report.
Regression in 781b44240a.
Backport of 4816dc9428 from main
2021-11-04 21:41:25 +01:00
Mariusz Felisiak
e2fe0429ab
[4.0.x] Fixed #33234 -- Fixed autodetector crash for proxy models inheriting from non-model class.
Regression in aa4acc164d.
Thanks Kevin Marsh for the report.
Backport of dab48b7482 from main
2021-11-02 15:35:52 +01:00
David Wobrock
ea00a0843e
[4.0.x] Fixed #31503 -- Made autodetector remove unique/index_together before altering fields.
Backport of 0314593fe8 from main
2021-10-25 10:45:35 +02:00
Hasan Ramezani
c9ebe4ca4e
[4.0.x] Fixed #33205 -- Made call_command() raise TypeError when dest with multiple arguments is passed.
Backport of c1e4111c74 from main
2021-10-25 10:09:06 +02:00
Mariusz Felisiak
a2e1cdc8ca
[4.0.x] Fixed #33215 -- Confirmed support for GEOS 3.10.
Backport of 9231526af4 from main
2021-10-21 20:25:28 +02:00
Vinay Karanam
354bbf1fd2
[4.0.x] Fixed #33043 -- Made method_decorator() preserve wrapper assignments.
Regression in f434f5b84f.
Backport of 8806e8809e from main
2021-10-20 18:52:10 +02:00
David Smith
5d62beb61a
[4.0.x] Refs #32956 -- Capitalized HTTP/HTTPS in comments, docs, and docstrings.
Backport of 7ef0bc922c from main
2021-10-20 09:11:04 +02:00
David Smith
6aa917383f
[4.0.x] Refs #32956 -- Changed docs to treat the acronym HTTP phonetically.
Backport of 69b0736fad from main
2021-10-19 06:33:00 +02:00
Hannes Ljungberg
00aa3e0b9b
[4.0.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes/unique constraints on SQLite.
This adjusts Expressions.rename_table_references() to only update alias
when needed.
Regression in 83fcfc9ec8.
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
Backport of 86971c4090 from main
2021-10-18 09:36:21 +02:00
Mariusz Felisiak
6a16d53039
[4.0.x] Refs #32074 -- Removed usage of deprecated asyncore and smtpd modules.
asyncore and smtpd modules were deprecated in Python 3.10.
Backport of 569a33579c from main
2021-10-15 09:58:53 +02:00
Martin Svoboda
dd8945d361
[4.0.x] Fixed #33008 -- Fixed prefetch_related() for deleted GenericForeignKeys.
Thanks Simon Charette for the implementation idea.
Backport of cc4cb95bef from main
2021-10-14 13:07:24 +02:00
Mariusz Felisiak
8ab95364b5
[4.0.x] Refs #27131 -- Removed SMTPBackendTests.test_server_login().
test_server_login() was a regression test for a crash when passing
Unicode strings to SMTP server using CRAM-MD5 method on Python 2.
Python 2 is no longer supported and test_server_login() passes even
without FakeSMTPChannel.smtp_AUTH() because
smtplib.SMTPAuthenticationError is raised when AUTH is not implemented.
Backport of cdad96e633 from main
2021-10-14 11:37:53 +02:00
Christophe Henry
048fbf9c89
[4.0.x] Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode.
Backport of b1b26b37af from main.
2021-10-12 08:43:56 +02:00
Christophe Henry
b55df4c74a
[4.0.x] Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 4ff500f294 from main
2021-10-12 07:43:17 +02:00
Mariusz Felisiak
224fa0bc7d
[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options.
Backport of da266b3c5c from main
2021-10-12 07:41:51 +02:00
Christophe Henry
f2a59630f4
[4.0.x] Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode.
Backport of df2d2bc95c from main
2021-10-07 13:11:18 +02:00
Maxim Milovanov
f6c7e75cdf
[4.0.x] Fixed #33156 -- Used sessionStorage to preserve quick filter for admin's navigation sidebar.
Backport of 1c802ca2a9 from main
2021-10-06 09:02:45 +02:00
Nick Pope
fbcd7df120
[4.0.x] Fixed SpGistIndex tests on PostgreSQL 14+.
Backport of dd26362f63 from main
2021-10-01 09:43:32 +02:00
Daniel Hahler
81bb0ae221
[4.0.x] Fixed #33160 -- Avoided suppressing query errors in _nodb_cursor() on PostgreSQL.
Backport of 98c8bf1cee from main
2021-10-01 07:24:45 +02:00
Aljaž Košir
0a49276065
[4.0.x] Fixed #33155 -- Made ModelChoiceIteratorValue instances hashable.
Backport of 7b8beeee3d from main
2021-09-30 12:09:24 +02:00
Mariusz Felisiak
93a42d43a6
[4.0.x] Fixed #33159 -- Reverted "Fixed #32970 -- Changed WhereNode.clone() to create a shallow copy of children."
This reverts commit e441847eca.
A shallow copy is not enough because querysets can be reused and
evaluated in nested nodes, which shouldn't mutate JOIN aliases.
Thanks Michal Čihař for the report.
Backport of 903aaa35e5 from main
2021-09-30 11:26:53 +02:00
David Wobrock
b2a0978610
[4.0.x] Fixed #33018 -- Fixed annotations with empty queryset.
Thanks Simon Charette for the review and implementation idea.
Backport of dd1fa3a31b from main
2021-09-29 20:53:16 +02:00
David Wobrock
aab76433ed
[4.0.x] Fixed #33141 -- Renamed Expression.empty_aggregate_value to empty_result_set_value.
Backport of ad36a198a1 from main
2021-09-29 20:52:59 +02:00
Chenyang Yan
ee79fe0f8e
[4.0.x] Fixed #33027 -- Made autoreloader pass -X options.
Backport of 36d54b7a14 from main
2021-09-29 12:04:45 +02:00
David Smith
0b62518ff4
[4.0.x] Fixed #33134 -- Fixed recursion depth error when rendering Form with BoundFields.
Regression in 456466d932.
Backport of 4884a87e02 from main
2021-09-29 10:55:01 +02:00
Chinmoy Chakraborty
6f31041794
[4.0.x] Fixed #33033 -- Prevented models.DecimalField from accepting NaN values.
Backport of b7fd668b37 from main
2021-09-28 13:57:45 +02:00
Jaap Roes
25cfa5db0f
[4.0.x] Fixed #33130 -- Restored form errors to be a dict.
Regression in 456466d932.
Backport of 7fe9b6f6df from main
2021-09-24 12:14:11 +02:00
Jaap Roes
5d36af6f6f
[4.0.x] Fixed #33132 -- Fixed test client handling of querystring only redirects.
Regression in 1e5aa8e1c7.
Backport of b1bf8c8a4b from main
2021-09-24 08:23:41 +02:00
Carlton Gibson
8467c4ed3e
[4.0.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom.
Thanks Benjamin Locher for the report.
Regression in 30e59705fc.
Backport of b0ed619303 from main
2021-09-21 19:59:09 +02:00
Hasan Ramezani
668b990bf6
[4.0.x] Fixed #33111 -- Fixed passing object to ModelAdmin.get_inlines() when editing in admin change view.
ModelAdmin.get_inlines() should get an unmutated object when creating
formsets during POST request.
Backport of 2f0f30f973 from main
2021-09-21 13:35:47 +02:00
Mariusz Felisiak
bc1fa8ebcd
[4.0.x] Refs #31026 -- Fixed forms_tests if Jinja2 is not installed.
Backport of 881a479911 from main
2021-09-21 10:18:03 +02:00
Cleiton Lima
a077f10df4
[4.0.x] Fixed #33070 -- Fixed loading translations with language subtags in admin's Select2 widget.
Backport of 8eb5693091 from main
2021-09-21 08:07:59 +02:00
David Smith
456466d932
Fixed #31026 -- Switched form rendering to template engine.
Thanks Carlton Gibson, Keryn Knight, Mariusz Felisiak, and Nick Pope
for reviews.
Co-authored-by: Johannes Hoppe <info@johanneshoppe.com>
2021-09-20 15:50:18 +02:00