Florian Apolloner
e34f3c0e9e
[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:06:54 +02:00
Florian Apolloner
c3289717c6
[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:00:01 +02:00
daniel a rios
f9462f4c82
[2.2.x] Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
...
Backport of 68aeb90160
from master
2019-07-29 10:10:00 +02:00
daniel a rios
b4139ed6ea
[2.2.x] Refs #30656 -- Reorganized bulk methods in the database optimization docs.
...
Backport of fe33fdc049
from master
2019-07-29 10:09:53 +02:00
Carlton Gibson
ea57c8a345
[2.2.x] Added stub release notes for security releases.
...
Backport of f13147c8de
from master
2019-07-25 10:50:18 +02:00
Tom Forbes
4d6449e125
[2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
...
Backport of fc75694257
from master.
2019-07-24 14:38:24 +02:00
terminator14
61d4a15989
[2.2.x] Fixed typo in docs/topics/http/sessions.txt.
...
Backport of 8323691de0
from master
2019-07-23 15:11:54 +02:00
Tom Forbes
2d2859bec2
[2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
...
Backport of 2ff517ccb6
from master.
2019-07-23 10:41:50 +02:00
Mariusz Felisiak
506f800ead
[2.2.x] Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
...
Thanks Carlton Gibson the review.
Backport of fc1182af01
from master
2019-07-19 16:07:29 +02:00
Mariusz Felisiak
fa3ae446d9
[2.2.x] Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
...
Backport of a2e1c17f19
from master
2019-07-19 16:07:21 +02:00
Davit Gachechiladze
de2635fb4e
[2.2.x] Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
...
Backport of 7f612eda80
from master
2019-07-18 19:47:53 +02:00
Mariusz Felisiak
0088e59292
[2.2.x] Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
...
Backport of 230d75f59c
from master
2019-07-18 12:56:52 +02:00
Mariusz Felisiak
4814db40c1
[2.2.x] Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
...
Backport of ad4e83a6d1
from master
2019-07-16 15:08:40 +02:00
Frank Wiles
d58cde7444
[2.2.x] Updated WSGI servers ordering according to the more commonly used.
...
Backport of fa65b90a96
from master
2019-07-16 14:44:29 +02:00
Frank Wiles
de19a600f0
[2.2.x] Fixed explanation of how to automatically create tables in database.
...
Backport of c1b94e32fb
from master
2019-07-15 15:24:44 +02:00
Hasan Ramezani
a39365c48e
[2.2.x] Doc'd --no-input option for createsuperuser.
...
Backport of 8dd5877f58
from master
2019-07-11 10:26:16 +02:00
Mariusz Felisiak
1088a9777d
[2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.
Regression in 6b048b364c
.
Backport of 7991111af1
from master
2019-07-10 10:34:49 +02:00
Simon Charette
9dee8515d6
[2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9
.
Backport of ee6e93ec87
from master
2019-07-10 08:04:45 +02:00
Mariusz Felisiak
8f0b9e7f9a
[2.2.x] Fixed typos in docs/ref/django-admin.txt.
...
Backport of 24e8f7f7d3
from master
2019-07-09 13:39:35 +02:00
Mariusz Felisiak
b593c39d7f
[2.2.x] Added stub release notes for 2.2.4.
...
Backport of 08e69cad9c
from master
2019-07-09 07:45:27 +02:00
sp1rs
0ea952e3d6
[2.2.x] Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match.
...
Backport of f197c3dd91
from master
2019-07-04 13:36:10 +02:00
swatantra
7d52d056e3
[2.2.x] Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model.
...
Backport of c13e3715f5
from master
2019-07-04 08:22:56 +02:00
Carlton Gibson
b6d8957356
[2.2.x] Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.
...
Equivalent note for PermissionsMixin was added in d33864ed13
.
Backport of 4b32d039db
from master
2019-07-02 11:21:46 +02:00
aitoehigie
b9d1bb6955
[2.2.x] Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes.
...
Backport of c2f381ef17
from master
2019-07-01 12:03:56 +02:00
Mariusz Felisiak
2b533ae60e
[2.2.x] Added CVE-2019-12781 to the security release archive.
...
Backport of 868cd56f05
from master
2019-07-01 10:21:16 +02:00
Mariusz Felisiak
5d39f62f7e
[2.2.x] Post-release version bump.
2019-07-01 08:21:52 +02:00
Mariusz Felisiak
89e9a4aeb6
[2.2.x] Bumped version for 2.2.3 release.
2019-07-01 07:55:16 +02:00
Mariusz Felisiak
93e719efdb
[2.2.x] Updated man page for Django 2.2.
2019-07-01 07:54:32 +02:00
Mariusz Felisiak
4f2713ff0e
[2.2.x] Added release date for 2.2.3.
...
Backport of fc41401f33
from master
2019-07-01 07:51:53 +02:00
Carlton Gibson
77706a3e47
[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f
from master
2019-07-01 07:50:48 +02:00
Mariusz Felisiak
db9f7b44fc
[2.2.x] Added stub release notes for security releases.
...
Backport of 30b3ee9d0b
from master
2019-07-01 07:03:03 +02:00
Mariusz Felisiak
395cf7c375
[2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
...
Backport of 4305fbe8b1
from master
2019-06-30 19:46:40 +02:00
Claude Paroz
b3f7262e6e
[2.2.x] Updated translations from Transifex
2019-06-29 16:15:53 +02:00
Tom Forbes
bdc1de2199
[2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
...
Backport of 8454f6dea4
from master
2019-06-26 06:44:57 +02:00
Meysam
04965bf92d
[2.2.x] Fixed typo in docs/topics/db/models.txt.
...
Backport of 833878411c
from master
2019-06-24 09:05:15 +02:00
Alexey Opalev
f3b036593f
[2.2.x] Fixed typo in docs/ref/models/indexes.txt.
...
Backport of 2f91e7832f
from master
2019-06-24 09:01:12 +02:00
Claude Paroz
3b2701e4f2
[2.2.x] Removed unneeded non-breaking spaces added in 00169bc36
...
Backport of 8590726a5d
from master.
2019-06-22 10:28:26 +02:00
Markus Holtermann
2525785880
[2.2.x] Bumped minimum ESLint version to 4.18.2.
...
Backport of ad7b438002
from master.
2019-06-21 18:00:32 +02:00
Jon Dufresne
e6b2471ce7
[2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
...
Backport of 2ef6f209f7
from master
2019-06-21 07:10:32 +02:00
Chris Jerdonek
d200069b15
[2.2.x] Refs #30565 -- Doc'd HttpResponse.close() method.
...
Backport of 533311782f
from master
2019-06-20 11:49:52 +02:00
Swat009
c3a0f76d11
[2.2.x] Fixed #30547 -- Doc'd how Meta.constraints affect model validation.
...
Backport of 00169bc361
from master
2019-06-20 10:45:20 +02:00
Hasan Ramezani
c3a9d3050c
[2.2.x] Fixed typos in signals and custom management commands docs.
...
Backport of a7038adbd0
from master
2019-06-19 08:41:51 +02:00
Hasan Ramezani
1ce04289f1
[2.2.x] Fixed typos and example in signals.pre_init docs.
...
Backport of 036362e0cf
from master
2019-06-18 15:09:07 +02:00
Joachim Jablon
26c1214364
[2.2.x] Fixed an example of email with display name in EmailMessage.from_email.
...
Backport of 0c2ffdd526
from master
2019-06-13 18:00:28 +02:00
Jon Dufresne
13e6040fd4
[2.2.x] Fixed intword example in docs/ref/contrib/humanize.txt.
...
Backport of 175656e166
from master
2019-06-11 22:12:24 +02:00
Vyacheslav Ver
36766e1a28
[2.2.x] Fixed #30486 -- Fixed the default value of Aggregate.distinct and updated example of custom aggregate functions.
...
Backport of 76b3fc5c8d
from master
2019-06-11 12:02:02 +02:00
Mykola Nicholas
d5d22e1090
[2.2.x] Changed charset and collation link to MySQL docs.
...
Backport of f3a03d5b61
from master
2019-06-11 11:17:23 +02:00
Mariusz Felisiak
430f7e9dac
[2.2.x] Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
...
Backport of 5ab75adb90
from master
2019-06-10 16:57:50 +02:00
swatantra
6dca336167
[2.2.x] Fixed #30553 -- Clarified the default value of disable_existing_loggers.
...
Backport of 03cd3d137e
from master
2019-06-10 15:18:40 +02:00
Étienne Beaulé
4e6f0024f1
[2.2.x] Fixed #30542 -- Fixed crash of numerical aggregations with filter.
...
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.
Thanks to Chuan-Zheng Lee for the report.
Regression in c690afb873
and two following
commits.
Backport of 4b6dfe1622
from master.
2019-06-05 09:15:21 +02:00