Commit Graph

30970 Commits

Author SHA1 Message Date
Carlton Gibson 6f80050496 Fixed #33781 -- Restored alignment for admin split-field timezone warnings.
Regression in f3e2bb0833.
Refs #33750 and #27207.
2022-07-07 11:32:05 +02:00
Christos Kopanos 608ab043f7 Fixed #33826 -- Fixed RedisCache.set_many()/delete_many() crash with an empty list. 2022-07-06 10:45:52 +02:00
Christos Kopanos fcee0d3fb6 Used list comprehensions in RedisCache.delete_many(). 2022-07-06 10:37:20 +02:00
Vladimir Kochetkov 3926e35aa8 Fixed #33823 -- Made inspectdb generate unique related_name when reverse accessor clashes. 2022-07-06 09:35:50 +02:00
Simon Charette 877c800f25 Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-07-06 07:40:07 +02:00
Mariusz Felisiak 73766c1187
Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine. 2022-07-05 19:05:03 +02:00
Shawn Dong 18c5ba07cc Fixed #33822 -- Fixed save() crash on model formsets when not created by modelformset_factory().
Thanks Claude Paroz for the report.

Regression in e87f57fdb8.
2022-07-05 07:19:18 +02:00
Mariusz Felisiak 249ecc437f
Fixed #33815 -- Fixed last_executed_query() on Oracle when parameter names overlap. 2022-07-05 05:53:49 +02:00
Mariusz Felisiak d12d7c4c42 Added CVE-2022-34265 to security archive. 2022-07-04 10:27:14 +02:00
Mariusz Felisiak c6932ea2ea Added stub release notes for 4.0.7. 2022-07-04 10:06:07 +02:00
Mariusz Felisiak 54eb8a374d Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:13:41 +02:00
Ipakeev 425718726b
Fixed #33816 -- Fixed QuerySet.only() after select_related() crash on proxy models. 2022-07-04 06:37:36 +02:00
Aristotelis Mikropoulos 5eb6a2b33d
Fixed typo in docs/topics/signals.txt. 2022-07-02 16:45:24 +02:00
Mariusz Felisiak 863aa7541d
Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0.
It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1.
2022-07-01 19:05:27 +02:00
Michael Manfre 03eec9ff6c Updated vendored _urlsplit() to strip newline and tabs.
Refs Python CVE-2022-0391. Django is not affected, but others who
incorrectly use internal function url_has_allowed_host_and_scheme()
with unsanitized input could be at risk.
2022-07-01 08:48:38 +02:00
Arslan Noor 5c93a84f44 Corrected various typos in contributing docs. 2022-06-30 11:09:06 +02:00
Pablo Montepagano bb2c5f69f4
Fixed #32749 -- Doc'd PyMemcacheCache defaults. 2022-06-28 21:56:51 +02:00
Mariusz Felisiak 154dd1c0ed
Refs #33697 -- Added backward incompatibility note about removing multipartparser.parse_header(). 2022-06-28 21:45:03 +02:00
Hrushikesh Vaidya 72e41a0df6 Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28 10:54:38 +02:00
Hrushikesh Vaidya 0ee03a439b Refs #33779 -- Doc'd django.utils.html.json_script(). 2022-06-28 10:51:46 +02:00
Mehrdad d4d5427571 Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams.
This also removes unused parse_header() and _parse_header_params()
helpers in django.http.multipartparser.
2022-06-28 09:42:47 +02:00
Mariusz Felisiak bff5c114be
Removed unnecessary _parse_header() from MultiPartParser.
Reraising ValueError was unused since its introduction in
d725cc9734.
2022-06-28 09:27:03 +02:00
Mariusz Felisiak 9cf2564d38
Bumped versions in pre-commit and npm configurations. 2022-06-28 08:53:05 +02:00
Mehrdad d6e0c7c30c Refs #33697 -- Made MediaType use django.utils.http.parse_header_parameters(). 2022-06-28 07:33:41 +02:00
Ankur eb7b8f3699 Fixed #33805 -- Made admin's many-to-many widgets do not display help text for selecting values when allow_multiple_selected is False. 2022-06-28 06:04:42 +02:00
Christopher Adams 90d2f9f416 Fixed #33422 -- Improved docs about isolating apps. 2022-06-27 11:29:21 +02:00
Mariusz Felisiak b2eff16806 Added stub release notes and release date for 4.0.6 and 3.2.14. 2022-06-27 07:13:26 +02:00
Mariusz Felisiak c48b34e26d Refs #32786 -- Made query clear ordering when ordered combined queryset is used in subquery on Oracle. 2022-06-27 06:21:31 +02:00
Mariusz Felisiak 20b6e30858 Refs #33713 -- Removed unnecessary skip for MariaDB 10.3. 2022-06-27 06:21:31 +02:00
Mariusz Felisiak 44ffd8d06f Fixed #33796 -- Fixed ordered combined queryset crash when used in subquery on PostgreSQL and MySQL.
Thanks Shai Berger for the report.

Regression in 30a0144134.
2022-06-27 06:21:31 +02:00
Ian Wootten 6f63e0ce8e
Fixed #33804 -- Corrected GinIndex.gin_pending_list_limit description in docs. 2022-06-24 14:52:21 +02:00
Mariusz Felisiak 9a22d1769b
Bumped versions in Github actions configuration. 2022-06-24 07:38:13 +02:00
Mariusz Felisiak 083bfca6b6
Fixed #33800 -- Fixed system check for the same template tag module in installed apps and template tag libraries.
Thanks Claude Paroz for the report.

Regression in 004b4620f6.
2022-06-23 20:22:59 +02:00
DhruvaPatil98 c627226d05 Fixed #33799, Refs #31685 -- Added parameters for updating conflicts to QuerySeta.abulk_create(). 2022-06-23 11:12:35 +02:00
Florian Apolloner e6f36ea0a9 Made HashedFilesMixin ignore URLs without a path. 2022-06-23 08:59:49 +02:00
Marcelo Galigniana d80a258553 Fixed #33028 -- Used ModelAdmin's opts attribute instead of model._meta. 2022-06-22 07:50:24 +02:00
Claude Paroz de74a74b4b Fixed #33794 -- Fixed string-casting of GIS queries on PostgreSQL.
Regression in 64c3f049ea.
2022-06-21 10:10:37 +02:00
Mariusz Felisiak a0608c4b11
Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0.
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5.
2022-06-21 09:09:41 +02:00
Abhinav Yadav 2887b9f67c
Fixed #33657 -- Allowed customizing formatter class of argument parsers. 2022-06-20 17:34:52 +02:00
Anv3sh d7f5bfd241 Fixed #32969 -- Fixed pickling HttpResponse and subclasses. 2022-06-20 08:51:26 +02:00
Zainab Amir 901a169198 Fixed #23689 -- Made parsing HTTP Accept-Language header case-insensitive.
Thank you Daniel Samuels for test project.
2022-06-20 07:40:28 +02:00
Ankur d19a53d8e3 Fixed #33784 -- Removed unnecessary format escaping in admin calendar widget.
Replacements were added in fa0653cd1d
where we created a callback function by concatenating strings. It's
unnecessary since d638cdc42a.
2022-06-18 20:21:28 +02:00
Matt Brewer 8d160f154f Fixed #33788 -- Added TrigramStrictWordSimilarity() and TrigramStrictWordDistance() on PostgreSQL. 2022-06-17 11:14:30 +02:00
David Wobrock 3ef37a5245 Fixed #28897 -- Fixed QuerySet.update() on querysets ordered by annotations. 2022-06-17 10:06:17 +02:00
David Wobrock f4680a112d Refs #28897 -- Added test for QuerySet.update() on querysets ordered by inline m2m annotation. 2022-06-17 10:06:12 +02:00
David Wobrock e286ce17ff Fixed #24870 -- Added --update option to makemigrations command. 2022-06-17 07:50:39 +02:00
David Wobrock 3893fcdd94 Refs #24870 -- Refactored out get_relative_path() hook in makemigrations. 2022-06-17 06:02:42 +02:00
Carlton Gibson 2a2bde52f3 Updated asgiref dependency for 4.1 release series. 2022-06-16 12:13:15 +02:00
Mariusz Felisiak 759ff4862a
Fixed #33786 -- Confirmed support for GDAL 3.5. 2022-06-16 09:44:19 +02:00
Sfurti-yb 860643e12e Added YugabyteDB to list of third-party DB backends. 2022-06-16 07:58:11 +02:00