Commit Graph

26757 Commits

Author SHA1 Message Date
Florian Apolloner e34f3c0e9e [2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:06:54 +02:00
Florian Apolloner c3289717c6 [2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:00:01 +02:00
daniel a rios f9462f4c82 [2.2.x] Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
Backport of 68aeb90160 from master
2019-07-29 10:10:00 +02:00
daniel a rios b4139ed6ea [2.2.x] Refs #30656 -- Reorganized bulk methods in the database optimization docs.
Backport of fe33fdc049 from master
2019-07-29 10:09:53 +02:00
Carlton Gibson ea57c8a345 [2.2.x] Added stub release notes for security releases.
Backport of f13147c8de from master
2019-07-25 10:50:18 +02:00
Tom Forbes 4d6449e125 [2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
Backport of fc75694257 from master.
2019-07-24 14:38:24 +02:00
terminator14 61d4a15989 [2.2.x] Fixed typo in docs/topics/http/sessions.txt.
Backport of 8323691de0 from master
2019-07-23 15:11:54 +02:00
Tom Forbes 2d2859bec2 [2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
Backport of 2ff517ccb6 from master.
2019-07-23 10:41:50 +02:00
Mariusz Felisiak 506f800ead [2.2.x] Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
Thanks Carlton Gibson the review.

Backport of fc1182af01 from master
2019-07-19 16:07:29 +02:00
Mariusz Felisiak fa3ae446d9 [2.2.x] Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
Backport of a2e1c17f19 from master
2019-07-19 16:07:21 +02:00
Davit Gachechiladze de2635fb4e [2.2.x] Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
Backport of 7f612eda80 from master
2019-07-18 19:47:53 +02:00
Mariusz Felisiak 0088e59292 [2.2.x] Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
Backport of 230d75f59c from master
2019-07-18 12:56:52 +02:00
Mariusz Felisiak 4814db40c1 [2.2.x] Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
Backport of ad4e83a6d1 from master
2019-07-16 15:08:40 +02:00
Frank Wiles d58cde7444 [2.2.x] Updated WSGI servers ordering according to the more commonly used.
Backport of fa65b90a96 from master
2019-07-16 14:44:29 +02:00
Frank Wiles de19a600f0 [2.2.x] Fixed explanation of how to automatically create tables in database.
Backport of c1b94e32fb from master
2019-07-15 15:24:44 +02:00
Hasan Ramezani a39365c48e [2.2.x] Doc'd --no-input option for createsuperuser.
Backport of 8dd5877f58 from master
2019-07-11 10:26:16 +02:00
Mariusz Felisiak 1088a9777d [2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.

Regression in 6b048b364c.
Backport of 7991111af1 from master
2019-07-10 10:34:49 +02:00
Simon Charette 9dee8515d6 [2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
Expressions referring to different bound fields should not be
considered equal.

Thanks Julien Enselme for the detailed report.

Regression in bc7e288ca9.

Backport of ee6e93ec87 from master
2019-07-10 08:04:45 +02:00
Mariusz Felisiak 8f0b9e7f9a [2.2.x] Fixed typos in docs/ref/django-admin.txt.
Backport of 24e8f7f7d3 from master
2019-07-09 13:39:35 +02:00
Mariusz Felisiak b593c39d7f [2.2.x] Added stub release notes for 2.2.4.
Backport of 08e69cad9c from master
2019-07-09 07:45:27 +02:00
sp1rs 0ea952e3d6 [2.2.x] Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match.
Backport of f197c3dd91 from master
2019-07-04 13:36:10 +02:00
swatantra 7d52d056e3 [2.2.x] Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model.
Backport of c13e3715f5 from master
2019-07-04 08:22:56 +02:00
Carlton Gibson b6d8957356 [2.2.x] Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.
Equivalent note for PermissionsMixin was added in d33864ed13.
Backport of 4b32d039db from master
2019-07-02 11:21:46 +02:00
aitoehigie b9d1bb6955 [2.2.x] Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes.
Backport of c2f381ef17 from master
2019-07-01 12:03:56 +02:00
Mariusz Felisiak 2b533ae60e [2.2.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f05 from master
2019-07-01 10:21:16 +02:00
Mariusz Felisiak 5d39f62f7e [2.2.x] Post-release version bump. 2019-07-01 08:21:52 +02:00
Mariusz Felisiak 89e9a4aeb6 [2.2.x] Bumped version for 2.2.3 release. 2019-07-01 07:55:16 +02:00
Mariusz Felisiak 93e719efdb [2.2.x] Updated man page for Django 2.2. 2019-07-01 07:54:32 +02:00
Mariusz Felisiak 4f2713ff0e [2.2.x] Added release date for 2.2.3.
Backport of fc41401f33 from master
2019-07-01 07:51:53 +02:00
Carlton Gibson 77706a3e47 [2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f from master
2019-07-01 07:50:48 +02:00
Mariusz Felisiak db9f7b44fc [2.2.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b from master
2019-07-01 07:03:03 +02:00
Mariusz Felisiak 395cf7c375 [2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 4305fbe8b1 from master
2019-06-30 19:46:40 +02:00
Claude Paroz b3f7262e6e [2.2.x] Updated translations from Transifex 2019-06-29 16:15:53 +02:00
Tom Forbes bdc1de2199 [2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
Backport of 8454f6dea4 from master
2019-06-26 06:44:57 +02:00
Meysam 04965bf92d [2.2.x] Fixed typo in docs/topics/db/models.txt.
Backport of 833878411c from master
2019-06-24 09:05:15 +02:00
Alexey Opalev f3b036593f [2.2.x] Fixed typo in docs/ref/models/indexes.txt.
Backport of 2f91e7832f from master
2019-06-24 09:01:12 +02:00
Claude Paroz 3b2701e4f2 [2.2.x] Removed unneeded non-breaking spaces added in 00169bc36
Backport of 8590726a5d from master.
2019-06-22 10:28:26 +02:00
Markus Holtermann 2525785880 [2.2.x] Bumped minimum ESLint version to 4.18.2.
Backport of ad7b438002 from master.
2019-06-21 18:00:32 +02:00
Jon Dufresne e6b2471ce7 [2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
Backport of 2ef6f209f7 from master
2019-06-21 07:10:32 +02:00
Chris Jerdonek d200069b15 [2.2.x] Refs #30565 -- Doc'd HttpResponse.close() method.
Backport of 533311782f from master
2019-06-20 11:49:52 +02:00
Swat009 c3a0f76d11 [2.2.x] Fixed #30547 -- Doc'd how Meta.constraints affect model validation.
Backport of 00169bc361 from master
2019-06-20 10:45:20 +02:00
Hasan Ramezani c3a9d3050c [2.2.x] Fixed typos in signals and custom management commands docs.
Backport of a7038adbd0 from master
2019-06-19 08:41:51 +02:00
Hasan Ramezani 1ce04289f1 [2.2.x] Fixed typos and example in signals.pre_init docs.
Backport of 036362e0cf from master
2019-06-18 15:09:07 +02:00
Joachim Jablon 26c1214364 [2.2.x] Fixed an example of email with display name in EmailMessage.from_email.
Backport of 0c2ffdd526 from master
2019-06-13 18:00:28 +02:00
Jon Dufresne 13e6040fd4 [2.2.x] Fixed intword example in docs/ref/contrib/humanize.txt.
Backport of 175656e166 from master
2019-06-11 22:12:24 +02:00
Vyacheslav Ver 36766e1a28 [2.2.x] Fixed #30486 -- Fixed the default value of Aggregate.distinct and updated example of custom aggregate functions.
Backport of 76b3fc5c8d from master
2019-06-11 12:02:02 +02:00
Mykola Nicholas d5d22e1090 [2.2.x] Changed charset and collation link to MySQL docs.
Backport of f3a03d5b61 from master
2019-06-11 11:17:23 +02:00
Mariusz Felisiak 430f7e9dac [2.2.x] Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
Backport of 5ab75adb90 from master
2019-06-10 16:57:50 +02:00
swatantra 6dca336167 [2.2.x] Fixed #30553 -- Clarified the default value of disable_existing_loggers.
Backport of 03cd3d137e from master
2019-06-10 15:18:40 +02:00
Étienne Beaulé 4e6f0024f1 [2.2.x] Fixed #30542 -- Fixed crash of numerical aggregations with filter.
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.

Thanks to Chuan-Zheng Lee for the report.

Regression in c690afb873 and two following
commits.

Backport of 4b6dfe1622 from master.
2019-06-05 09:15:21 +02:00