1853724aca
Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
2020-09-01 09:17:23 +02:00
8d7271578d
Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
...
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
2bc38bc7ca
Fixed #31901 -- Prevented content overflowing in the admin changelist with navigation sidebar.
2020-09-01 07:51:22 +02:00
179d9dc0c2
Fixed #31952 -- Fixed EmptyFieldListFilter crash with reverse relationships.
...
Thanks dacotagh for the report.
2020-08-31 09:28:05 +02:00
f6405c0b8e
Fixed #31965 -- Adjusted multi-table fast-deletion on MySQL/MariaDB.
...
The optimization introduced in 7acef095d75b83bae031#23576 .
2020-08-31 08:11:28 +02:00
0be51d2226
Fixed #31956 -- Fixed crash of ordering by JSONField with a custom decoder on PostgreSQL.
...
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.
2020-08-28 19:09:46 +02:00
825ce75fae
Fixed #31928 -- Fixed detecting an async get_response in various middlewares.
...
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.
This made the middlewares not properly present as coroutine and
confused the middleware chain when used in a fully async context.
Thanks Kordian Kowalski for the report.
2020-08-28 12:33:15 +02:00
e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator.
...
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.
Thanks tytusd and leonyxz for reports.
Regression in edeec1247e26554cf5d1
2020-08-28 05:57:36 +02:00
1251772cb8
Fixed #31936 -- Fixed __in lookup on key transforms for JSONField.
...
This resolves an issue on databases without a native JSONField
(MariaDB, MySQL, SQLite, Oracle), where values must be wrapped.
Thanks Sébastien Pattyn for the report.
2020-08-26 22:13:37 +02:00
b9be11d442
Fixed #31918 -- Allowed QuerySet.in_bulk() to fetch on a single distinct field.
2020-08-26 09:43:39 +02:00
547a07fa7e
Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-08-26 07:13:49 +02:00
0b0658111c
Removed trailing whitespace in 3.2 release notes.
2020-08-25 10:02:56 +02:00
9f8c7d2b4b
Moved CreateExtension release notes into django.contrib.postgres section.
2020-08-25 06:13:19 +02:00
bb8f66934d
Fixed #31877 -- Reverted "Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context."
...
This reverts commit 4ed534758c
2020-08-24 11:37:59 +02:00
04e87e79a0
Refs #31877 -- Reverted "Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning."
...
This reverts commit 20799cc0a6
2020-08-24 11:37:59 +02:00
3e753d3de3
Fixed #31925 -- Fixed typo in docs/releases/3.0.txt.
2020-08-21 09:47:37 +02:00
4376c2c7f8
Fixed #31895 -- Fixed crash when decoding invalid session data.
...
Thanks Matt Hegarty for the report.
Regression in d4fff711d4
2020-08-19 12:06:00 +02:00
35b03788b0
Refs #9061 -- Allowed GenericInlineFormSet to disable deleting extra forms.
...
Follow up to 162765d6c3
2020-08-18 09:37:15 +02:00
3254991762
Refs #20347 -- Allowed customizing the maximum number of instantiated forms in generic_inlineformset_factory().
...
Follow up to 433dd737f9
2020-08-18 09:37:15 +02:00
dd5173ca1b
Fixed #31892 -- Added backward incompatibility note about Media <script> tags changes.
...
Refs 31080.
2020-08-17 10:13:18 +02:00
61a0ba43cf
Refs #31811 -- Added optional timing outputs to the test runner.
2020-08-13 17:17:15 +02:00
21768a99f4
Refs #31863 -- Added release notes for 94ea79be13.
2020-08-13 16:29:55 +02:00
20799cc0a6
Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning.
...
SimpleLazyObjects cause a crash when filtering.
Thanks Tim L. White for the report.
Regression in 4ed534758c
2020-08-13 07:26:10 +02:00
63300f7e68
Fixed #21181 -- Added Collate database function.
...
Thanks Simon Charette for reviews.
2020-08-11 22:21:08 +02:00
60626162f7
Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()).
2020-08-11 11:55:10 +02:00
0aeb802cf0
Fixed #31865 -- Adjusted admin nav sidebar template to reduce debug logging.
...
Thanks to Mariusz Felisiak for review.
2020-08-11 11:42:15 +02:00
8a5683b6b2
Added stub release notes for 2.2.16 and 3.0.10.
2020-08-11 10:31:44 +02:00
b2b0711b55
Refs #31864 -- Doc'd that DEFAULT_HASHING_ALGORITHM requires 3.1.1+ in release notes.
2020-08-08 17:32:28 +02:00
99abfe8f4d
Fixed #31864 -- Fixed encoding session data during transition to Django 3.1.
...
Thanks אורי for the report.
2020-08-07 21:42:39 +02:00
0a306f7da6
Fixed #25513 -- Extracted admin pagination to Paginator.get_elided_page_range().
2020-08-06 12:38:56 +02:00
b203ec70fd
Refs #25513 -- Adjusted admin pagination to be 1-indexed.
2020-08-06 12:38:56 +02:00
e70dc506d7
Fixed #31854 -- Fixed wrapping of long model names in admin's sidebar.
2020-08-05 10:54:25 +02:00
b0af56f639
Fixed #31853 -- Fixed wrapping of translated action labels in admin sidebar.
2020-08-05 10:24:16 +02:00
c7e7f176c1
Fixed #26977 -- Made abstract models raise TypeError when instantiating.
2020-08-05 06:37:04 +02:00
6c19230297
Added stub release notes for 3.1.1.
2020-08-04 10:34:38 +02:00
df37c2ec76
Finalized release notes for Django 3.1.
2020-08-04 09:47:34 +02:00
d907371ef9
Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
b68b8cb89a
Added release date for 2.2.15 and 3.0.9.
2020-08-03 08:52:28 +02:00
1d6fdca557
Refs #27468 -- Added tests and release notes for signing.dumps()/loads() changes.
...
Follow up to 71c4fb7beb
2020-07-31 22:05:02 +02:00
f4ac167119
Fixed #27719 -- Added QuerySet.alias() to allow creating reusable aliases.
...
QuerySet.alias() allows creating reusable aliases for expressions that
don't need to be selected but are used for filtering, ordering, or as
a part of complex expressions.
Thanks Simon Charette for reviews.
2020-07-31 13:19:33 +02:00
1173db4a16
Fixed #31822 -- Added support for comments URL per feed item.
...
The item_comments hook returns a comments URL which is then used by the
feed builder.
2020-07-30 07:36:27 +02:00
95da207bdb
Fixed #28507 -- Made ValidationError.__eq__() ignore messages and params ordering.
...
Co-authored-by: caleb logan <clogan202@gmail.com>
2020-07-29 12:04:13 +02:00
16218c2060
Fixed #27395 -- Added sitemap 'alternates' generation.
...
Updated the sitemap generator and default template to optionally
include link elements with hreflang attribute to alternate language
URLs.
2020-07-29 11:48:29 +02:00
948a874425
Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).
2020-07-29 09:06:54 +02:00
ba691933ce
Fixed #31836 -- Dropped support for JSONField __contains and __contained_by lookups on SQLite.
...
The current implementation works only for basic examples without
supporting nested structures and doesn't follow "the general principle
that the contained object must match the containing object as to
structure and data contents, possibly after discarding some
non-matching array elements or object key/value pairs from the
containing object".
2020-07-28 13:06:52 +02:00
83fbaa9231
Fixed #31806 -- Made validators include the value in ValidationErrors.
2020-07-27 13:03:26 +02:00
ff55adbd0d
Reverted "Fixed #30300 -- Allowed migrations to be loaded from directories without __init__.py file."
...
This reverts commit 3cd3bebe89
2020-07-22 07:04:06 +02:00
3f2821af6b
Fixed #31180 -- Configured applications automatically.
2020-07-21 10:35:12 +02:00
96a3ea39ef
Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.
...
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.
See https://bugs.python.org/issue39073
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-07-20 07:10:40 +02:00
3d16496037
Bumped asgiref requirement to >= 3.2.10.
...
Forwardported 3.1 release notes from 474f65406f
2020-07-17 21:15:21 +02:00
8fa9a6d29e
Fixed #31623 -- Allowed specifying number of adjacent time units in timesince()/timeuntil().
2020-07-16 09:44:28 +02:00
9bc8b1ad2d
Refs #31790 -- Removed incorrect item from 2.2.15 and 3.0.9 release notes.
...
Django 2.2 and 3.0 don't support settings samesite='None' in
HttpResponse.set_cookie() so fix is not necessary and will not be
backported.
2020-07-16 09:27:09 +02:00
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
1e38f1191d
Fixed #30446 -- Resolved Value.output_field for stdlib types.
...
This required implementing a limited form of dynamic dispatch to combine
expressions with numerical output. Refs #26355 should eventually provide
a better interface for that.
2020-07-15 10:58:29 +02:00
2cd3e7eeaf
Added Igbo language.
2020-07-14 20:44:41 +02:00
e906ff6fca
Fixed #30457 -- Added TestCase.captureOnCommitCallbacks().
2020-07-13 11:56:46 +02:00
ca6c5e5fc2
Fixed #31770 -- Allowed select_for_update(of) on MySQL 8.0.1+.
2020-07-13 10:15:43 +02:00
b7a438c7e2
Fixed #31509 -- Made DiscoverRunner enable faulthandler by default.
2020-07-10 18:55:50 +02:00
7d6916e827
Fixed #29789 -- Added support for nested relations to FilteredRelation.
2020-07-09 20:24:00 +02:00
779e615e36
Fixed #31573 -- Made QuerySet.update() respect ordering on MariaDB/MySQL.
2020-07-08 11:43:50 +02:00
af2b3fee08
Added Turkmen language.
2020-07-08 08:43:28 +02:00
cb0da637a6
Fixed #31713 -- Added SpatialReference support to GDALRaster.transform().
2020-07-07 09:26:44 +02:00
5d4b9c1cab
Refs #12990 -- Added example to JSONField release notes.
2020-07-03 12:45:39 +02:00
baf404f749
Fixed #30945 -- Doc'd plural equations changes in 2.2. release notes.
2020-07-03 09:38:18 +02:00
c2a835703f
Added stub release notes for 3.0.9.
2020-07-01 07:00:43 +02:00
0f3aecf581
Added release date for 2.2.14 and 3.0.8.
2020-07-01 06:16:32 +02:00
615e32162f
Fixed #31751 -- Fixed database introspection with cx_Oracle 8.
2020-06-30 09:50:15 +02:00
8984cab8a8
Fixed #31620 -- Added support for %V format to WeekMixin/WeekArchiveView.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-06-26 11:12:57 +02:00
e13cfc6dfd
Fixed #31596 -- Changed ForeignKey.validate() to use the base manager.
2020-06-25 11:36:20 +02:00
074844e947
Fixed #31529 -- Added support for serialization of pathlib.Path/PurePath and os.PathLike in migrations.
2020-06-24 11:45:34 +02:00
162765d6c3
Fixed #9061 -- Allowed FormSets to disable deleting extra forms.
...
Thanks to Dan Ward for the initial patch.
2020-06-24 09:26:25 +02:00
2e8941b6f9
Fixed #31735 -- Fixed migrations crash on namespaced inline FK addition on PostgreSQL.
...
The namespace of the constraint must be included when making the
constraint immediate.
Regression in 22ce5d0031
2020-06-24 08:37:20 +02:00
258c88a913
Refs #5691 -- Made cache keys independent of USE_L10N.
...
This mostly reverts af1893c4ff
2020-06-22 10:55:12 +02:00
27c09043da
Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator.
2020-06-18 21:43:20 +02:00
26a413507a
Fixed #6933 -- Added support for searching against quoted phrases in ModelAdmin.search_fields.
2020-06-18 20:17:20 +02:00
10df5b7177
Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments.
2020-06-17 13:15:56 +02:00
1621f06051
Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.
2020-06-17 08:10:41 +02:00
faad809e09
Refs #30472 -- Simplified Argon2PasswordHasher with argon2-cffi 19.1+ API.
2020-06-17 08:10:41 +02:00
e29637681b
Fixed #30190 -- Added JSONL serializer.
2020-06-16 16:51:58 +02:00
0d6d4e78b1
Fixed #31709 -- Added support for opclasses in ExclusionConstraint.
2020-06-16 08:16:14 +02:00
7edc6e53a7
Fixed #31702 -- Added support for PostgreSQL opclasses in UniqueConstraint.
2020-06-16 07:19:00 +02:00
a16080810b
Fixed #31696 -- Updated OWASP links in docs.
2020-06-15 09:44:08 +02:00
a8473b4d34
Fixed #31691 -- Added ordering support to JSONBAgg.
2020-06-13 00:06:29 +02:00
e0cdd0fcf5
Fixed #31649 -- Added support for covering exclusion constraints on PostgreSQL 12+.
2020-06-12 23:23:21 +02:00
db8268bce6
Added support for the Tajik language.
...
Thanks Sirius Sufiew for contributing that support.
2020-06-12 17:47:22 +02:00
4339f2aff2
Refs #31682 -- Doc'd minimal sqlparse version in Django 2.2.
...
Support for sqlparse < 0.2.2 was broken in
40b0a58f5f
2020-06-10 06:53:32 +02:00
b38d44229f
Fixed #31664 -- Reallowed using non-expressions having filterable attribute as rhs in queryset filters.
...
Regression in 4edad1ddf6
2020-06-08 08:17:23 +02:00
78ad4b4b02
Fixed #31660 -- Fixed queryset crash when grouping by m2o relation.
...
Regression in 3a941230c8
2020-06-08 07:21:54 +02:00
433dd737f9
Fixed #20347 -- Allowed customizing the maximum number of instantiated forms in formsets.
...
Co-authored-by: ethurgood <ethurgood@gmail.com>
2020-06-05 12:01:32 +02:00
926148ef01
Fixed #31654 -- Fixed cache key validation messages.
2020-06-05 07:21:52 +02:00
8c7992f658
Fixed #30913 -- Added support for covering indexes on PostgreSQL 11+.
2020-06-04 12:26:22 +02:00
9e57b1efb5
Fixed #30134 -- Ensured unlocalized numbers are string representation in templates.
2020-06-04 10:34:54 +02:00
e24b63fe85
Refs #31630 -- Removed DatabaseFeatures.can_introspect_autofield.
2020-06-04 08:27:46 +02:00
e198beadad
Fixed #31630 -- Replaced introspection features with DatabaseFeatures.introspected_field_types.
2020-06-04 08:27:42 +02:00
dbdc192ca3
Preferred usage of among/while to amongst/whilst.
2020-06-03 21:02:48 +02:00
54975780ee
Added CVE-2020-13254 and CVE-2020-13596 to security archive.
2020-06-03 12:03:37 +02:00
7ec2658e1e
Added stub release notes for 3.0.8.
2020-06-03 10:54:29 +02:00
2c82414914
Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends.
2020-06-03 09:24:26 +02:00
2dd4d110c1
Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdWidget.
2020-06-03 09:23:00 +02:00
81dc710571
Added release date for 2.2.13 and 3.0.7.
2020-06-03 09:13:16 +02:00
Mariusz Felisiak
007gzs
Federico Jaramillo Martínez
Simon Charette
Kevin Michel
Kaustubh
Michael Galler
Cleiton de Lima
Jon Dufresne
Ahmad A. Hussein
Adam Johnson
Tom Carrick
Daniel Hillier
Carlton Gibson
Uri
Nick Pope
Jacob Walls
Alexandr Tatarinov
Viktor Garske
David Smith
Florian Demmer
Florian Apolloner
Tim Graham
Aymeric Augustin
Florian Apolloner
Tim Park
Simon Charette
Kelechi Precious Nwachukwu
ovkulkarni
matt ferrante
davidchorpash
Resulkary
rico-ci
Tom Forbes
David Smith
Hasan Ramezani
Claude Paroz
Alix
Ali Vakilzade
Hannes Ljungberg
John Parton
Nicolas Baccelli
Dan Palmer