Commit Graph

30162 Commits

Author SHA1 Message Date
Mariusz Felisiak f9c7d48fdd [4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4a from main.
2022-02-01 07:44:49 +01:00
Markus Holtermann 0142204606 [4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Backport of 394517f078 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:43:45 +01:00
Kirill Safronov 6928227dff [4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d.

Backport of 97a7274468 from main
2022-02-01 07:33:22 +01:00
Mariusz Felisiak aff79be03a [4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
Backport of 71e7c8e737 from main
2022-01-31 11:34:29 +01:00
Claude Paroz 7a1c6533eb
[4.0.x] Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
2022-01-29 18:59:17 +01:00
Thomas Aglassinger 9a9c5b402b [4.0.x] Fixed #33459 -- Clarified index type in full text search docs.
Backport of 3a9b8b25d4 from main
2022-01-28 06:37:14 +01:00
Mariusz Felisiak 7c2d4d943b [4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce.
Backport of e972620ada from main
2022-01-27 18:52:35 +01:00
Kaushik Chintam f4de87038e [4.0.x] Fixed #33048 -- Doc'd that DEBUG static files requests don't use middleware chain.
Backport of 1625a8c8eb from main
2022-01-26 12:02:43 +01:00
Carlton Gibson f82ca84f77 [4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb1.

Backport of 85f2a9fb0f from main
2022-01-26 10:04:08 +01:00
Mariusz Felisiak c28a41f4f1 [4.0.x] Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27.
Backport of eeca934238 from main
2022-01-25 07:26:37 +01:00
Fabian Büchler b32080219e [4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d.

Backport of eeff1787b0 from main
2022-01-21 08:46:14 +01:00
Tilak fc5c86c47c [4.0.x] Improved wording in running Django’s test suite in contributing tutorial.
Backport of 2c76c27a95 from main
2022-01-20 11:29:47 +01:00
Brad Solomon 519b6d6070 [4.0.x] Fixed #33443 -- Clarified when PasswordResetView sends an email.
Backport of b55ebe3241 from main
2022-01-17 08:59:43 +01:00
Scott Pashley 92e1018178 [4.0.x] Fixed typo in docs/ref/contrib/admin/index.txt.
Backport of 367d6920ec from main
2022-01-12 07:45:30 +01:00
Zeilentaucher 89d88414dc [4.0.x] Fixed #33432 -- Fixed typo in docs/howto/outputting-csv.txt.
Backport of 658dc7045a from main
2022-01-12 07:36:55 +01:00
Victor Peralta cf4128e6e9 [4.0.x] Fixed typo in docs/ref/contrib/admin/index.txt.
Backport of f1905db6c0 from main
2022-01-11 06:20:30 +01:00
Keryn Knight c8a6bf951b [4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views.
Regression in 7c08f26bf0.

Backport of f4b06a3cc1 from main
2022-01-10 18:39:59 +01:00
Mariusz Felisiak dfda5ff722 [4.0.x] Corrected signatures of some functions in docs.
Backport of 178109c173 from main
2022-01-10 13:31:25 +01:00
Mariusz Felisiak 6554f00df6 [4.0.x] Corrected directive for signals in django.contrib.auth docs.
Backport of b0ccf74549 from main
2022-01-10 13:31:19 +01:00
Keryn Knight 2ea0321058 [4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.
Regression in 0c0b87725b.

Backport of 2a66c102d9 from main
2022-01-08 14:54:10 +01:00
David c959aa99aa [4.0.x] Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.
Regression in 456466d932.

Thanks Matt Westcott for the report.

Backport of 4c60c3edff from main
2022-01-07 16:12:15 +01:00
Petter Friberg 11475958f6 [4.0.x] Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks().
Regression in d89f976bdd.

Backport of bc174e6ea0 from main
2022-01-07 16:12:01 +01:00
David da710aa3d8 [4.0.x] Removed unused comment directive in CBV topic docs.
Backport of 973fa56652 from main
2022-01-05 09:19:54 +01:00
David 17bd04e708 [4.0.x] Fixed malformed attribute directives in docs.
Backport of cc8e771c64 from main
2022-01-05 09:19:44 +01:00
Carlton Gibson 24fce7d134 [4.0.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
Backport of 63869ab1f1 from main
2022-01-04 11:30:40 +01:00
Carlton Gibson 6f9a994c47 [4.0.x] Added stub release notes for Django 4.0.2.
Backport of f38c66b555 from main
2022-01-04 11:11:20 +01:00
Carlton Gibson 9bb9326027 [4.0.x] Post-release version bump. 2022-01-04 10:46:42 +01:00
Carlton Gibson 15aff7f22c [4.0.x] Bumped version for 4.0.1 release. 2022-01-04 10:42:03 +01:00
Florian Apolloner e1592e0f26 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:10:14 +01:00
Florian Apolloner 2a8ec7f546 [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Florian Apolloner df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:10:14 +01:00
Luke Plant 7753169585 [4.0.x] Avoided suggestion of plain text database password in sessions topic.
Backport of ccafad2e42 from main
2022-01-04 06:48:19 +01:00
Mariusz Felisiak fe59bf202d [4.0.x] Fixed #33391 -- Clarified Aggregate.empty_result_set_value docs.
Backport of 4400d8568a from main
2021-12-31 06:49:55 +01:00
mangelozzi b93fb3d6be [4.0.x] Improved @display(empty_value) example in ModelAdmin.empty_value_display docs.
Backport of eb901681ab from main
2021-12-30 11:39:45 +01:00
Jacob Walls c46e996307 [4.0.x] Fixed #27936 -- Rewrote spanning multi-valued relationships docs.
Backport of 6174814dbe from main
2021-12-30 09:05:29 +01:00
Mariusz Felisiak e9b023b8e4 [4.0.x] Added default values to Entry's fields in making queries docs.
This makes it easier to create a data in examples.

Backport of 1283458baa from main
2021-12-30 09:05:20 +01:00
Sergey Fursov 76d24d5f16 [4.0.x] Updated example of YAML serialization format in docs.
Backport of feeb0685c6 from main
2021-12-28 13:39:06 +01:00
Carlton Gibson c9ec72ea1b [4.0.x] Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases.
Backport of b13d920b7b from main.
2021-12-28 10:08:54 +01:00
Mariusz Felisiak b5f60ef5a7 [4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4.
psycopg2 2.8.4 is the first release to support Python 3.8.
Backport of ca04659b4b from main
2021-12-22 20:33:49 +01:00
David Smith a0e01b000a [4.0.x] Refs #31026 -- Updated TemplatesSetting docs to refer to forms.
Backport of 78f062f63e from main
2021-12-22 08:43:44 +01:00
Adam Johnson ad09b1687d [4.0.x] Added TemplatesSetting to list of built-in renderers in FORM_RENDERER docs.
Backport of fde425051c from main
2021-12-22 07:59:58 +01:00
Brenton Partridge b85ceaaba6 [4.0.x] Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64.
Backport of 19fb838803 from main
2021-12-21 13:36:08 +01:00
Simon Charette 7e6a2e3b45 [4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector.
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.

This likely slipped under the radar for so long and only regressed in
b9df2b74b9 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact value settings value was never going through a
case folding hoop.

Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.

Backport of 4328970780 from main
2021-12-17 10:00:33 +01:00
Mariusz Felisiak c1d2e8b9b8 [4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest.
Regression in 3fd82a6241.

Thanks Terence Honles for the report.
Backport of 40165eecc4 from main
2021-12-16 20:14:17 +01:00
Mariusz Felisiak 267a743bf2 [4.0.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10.
Follow up to d4dcd5b9dd.
Backport of 5de12a369a from main
2021-12-15 18:54:35 +01:00
Jeremy Lainé 3b03bce122 [4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans.
Backport of 2f33217ea2 from main
2021-12-14 08:46:16 +01:00
mgaligniana cc5bbd447b [4.0.x] Fixed #33338 -- Doc'd that never_cache() decorator set Expires header.
Backport of 669dcefc04 from main
2021-12-13 18:38:48 +01:00
Beomsoo Kim c607ee949d [4.0.x] Corrected example in models.DecimalField docs.
Backport of 7e4a9a9f69 from main
2021-12-13 07:20:56 +01:00
Wayne Lambert e39e5fa8e6 [4.0.x] Updated link to Microsoft SQL Server backend.
Backport of 8a8c8797e8 from main
2021-12-13 07:17:33 +01:00
Ömer Faruk Abacı bb8435f5db [4.0.x] Refs #33319 -- Added note about commutation of QuerySet's | operator.
Backport of f04b44bad4 from main
2021-12-08 21:59:40 +01:00