django1/django/db/models
Simon Charette 0bd57a879a [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().
Regression introduced in 513948735b by marking the raw SQL column
reference feature for deprecation in Django 4.0 while lifting the
column format validation.

In retrospect the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec31970 per the 4.0 deprecation life
cycle.

Thanks Joel Saunders for the report.
2021-07-01 08:36:17 +02:00
fields [3.1.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:56:06 +02:00
functions [3.1.x] Bumped minimum isort version to 5.1.0. 2020-09-30 09:51:31 +02:00
sql [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 2021-07-01 08:36:17 +02:00
__init__.py Fixed #12990, Refs #27694 -- Added JSONField model field. 2020-05-08 07:23:31 +02:00
aggregates.py Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
base.py [3.1.x] Fixed #31863 -- Prevented mutating model state by copies of model instances. 2020-08-13 15:27:18 +02:00
constants.py Refactored qs.add_q() and utils/tree.py 2013-03-13 10:44:49 +02:00
constraints.py Fixed #20581 -- Added support for deferrable unique constraints. 2020-04-30 10:43:50 +02:00
deletion.py [3.1.x] Fixed #32107 -- Fixed ProtectedError.protected_objects and RestrictedError.restricted_objects. 2020-10-19 13:10:13 +02:00
enums.py Fixed #31154 -- Added support for using enumeration types in templates. 2020-01-10 07:52:06 +01:00
expressions.py [3.1.x] Fixed #32200 -- Fixed grouping by ExpressionWrapper() with Q objects. 2020-11-19 21:42:14 +01:00
indexes.py Refs #11964 -- Removed SimpleCol in favor of Query(alias_cols). 2019-11-21 11:56:35 +01:00
lookups.py [3.1.x] Refs #32096 -- Fixed __in lookup crash against key transforms for JSONField. 2020-10-14 21:03:15 +02:00
manager.py Fixed #31223 -- Added __class_getitem__() to Manager and QuerySet. 2020-04-15 11:26:11 +02:00
options.py Refs #27666 -- Ensured relationship consistency on delayed reloads. 2020-04-07 09:20:46 +02:00
query.py [3.1.x] Fixed #31990 -- Fixed QuerySet.ordered for GROUP BY queries on models with Meta.ordering. 2020-09-14 20:08:18 +02:00
query_utils.py Simplified DeferredAttribute.__get__() a bit. 2020-01-29 16:06:56 +01:00
signals.py Fixed #31327 -- Deprecated providing_args argument for Signal. 2020-03-05 09:38:52 +01:00
utils.py Refs #31046 -- Added django.db.models.utils.resolve_callables(). 2019-12-03 19:47:32 +01:00