6f78cb6b13
Fixed #29026 -- Added --scriptable option to makemigrations.
2022-01-10 18:49:57 +01:00
f4b06a3cc1
Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views.
...
Regression in 7c08f26bf0
2022-01-10 17:30:41 +01:00
2a66c102d9
Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.
...
Regression in 0c0b87725b
2022-01-08 13:05:55 +01:00
4c60c3edff
Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.
...
Regression in 456466d932
2022-01-07 15:35:31 +01:00
c67e1cf44f
Refs #33348 -- Deprecated passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
2022-01-06 17:29:32 +01:00
bc174e6ea0
Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks().
...
Regression in d89f976bdd
2022-01-06 06:38:17 +01:00
63869ab1f1
Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
2022-01-04 11:30:11 +01:00
f38c66b555
Added stub release notes for Django 4.0.2.
2022-01-04 11:10:53 +01:00
155e06a50b
Corrected merge error in release notes.
2022-01-04 10:50:23 +01:00
6d343d01c5
Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
...
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:04:12 +01:00
761f449e0d
Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
...
Thanks to Dennis Brinkrolf for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
b13d920b7b
Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases.
2021-12-28 08:47:33 +01:00
59a66f0512
Refs #33342 -- Deprecated ExclusionConstraint.opclasses.
2021-12-27 08:55:18 +01:00
0e656c02fe
Fixed #33342 -- Added support for using OpClass() in exclusion constraints.
2021-12-24 11:39:00 +01:00
ca04659b4b
Refs #32355 -- Bumped required psycopg2 version to 2.8.4.
...
psycopg2 2.8.4 is the first release to support Python 3.8.
2021-12-22 20:32:55 +01:00
19fb838803
Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64.
2021-12-21 13:00:09 +01:00
4328970780
Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector.
...
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.
This likely slipped under the radar for so long and only regressed in
b9df2b74b9
2021-12-17 07:46:58 +01:00
40165eecc4
Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest.
...
Regression in 3fd82a6241
2021-12-16 20:13:17 +01:00
068b2c072b
Fixed #30127 -- Deprecated name argument of cached_property().
2021-12-16 18:52:27 +01:00
ac5cc6cf01
Fixed #33316 -- Added pagination to admin history view.
2021-12-15 10:54:08 +01:00
76ccce64cc
Fixed #16063 -- Adjusted admin changelist searches spanning multi-valued relationships.
...
This reduces the likelihood of admin searches issuing queries with
excessive joins.
2021-12-15 08:14:19 +01:00
2f33217ea2
Fixed #33361 -- Fixed Redis cache backend crash on booleans.
2021-12-14 07:16:30 +01:00
eba9a9b7f7
Refs #32338 -- Added Boundfield.legend_tag().
2021-12-09 07:16:33 +01:00
cb383753c0
Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form".
...
Thanks OutOfFocus4 for the report.
Regression in 456466d932
2021-12-08 20:33:03 +01:00
8a4e506760
Fixed #19721 -- Allowed admin filters to customize the list separator.
2021-12-08 15:25:52 +01:00
dfdf1c6864
Improved release notes wording for template-based form rendering.
2021-12-07 12:44:33 +01:00
adef3d975e
Added stub release notes for 4.0.1.
2021-12-07 10:41:32 +01:00
d7bd9eb6cd
Finalized release notes for Django 4.0.
2021-12-07 10:02:41 +01:00
513441240f
Updated asgiref dependency for 4.0 release series.
2021-12-07 09:49:39 +01:00
8747052411
Added CVE-2021-44420 to security archive.
2021-12-07 08:51:26 +01:00
d4dcd5b9dd
Fixed #30530 , CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
...
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
2021-12-07 06:28:08 +01:00
d3f4c2b95d
Fixed #33078 -- Added support for language regions in i18n_patterns().
2021-12-03 12:57:06 +01:00
2c7846d992
Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
...
This makes models.BinaryField pickleable on PostgreSQL.
Regression in 3cf80d3fcf
2021-12-03 11:56:22 +01:00
4ce59f602e
Fixed #30398 -- Added CONN_HEALTH_CHECKS database setting.
...
The CONN_HEALTH_CHECKS setting can be used to enable database
connection health checks for Django's persistent DB connections.
Thanks Florian Apolloner for reviews.
2021-12-01 07:44:48 +01:00
ae4077e13e
Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
2021-11-30 11:25:00 +01:00
5d80843ebc
Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.
...
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.
Thanks Florian Apolloner and Shai Berger for reviews.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-29 10:47:39 +01:00
b8c0b22f2f
Fixed typo in docs/releases/4.0.txt.
2021-11-24 17:38:35 +01:00
aec71aaa5b
Fixed #33304 -- Allowed passing string expressions to Window(order_by).
2021-11-23 07:58:44 +01:00
e6e664a711
Fixed #33302 -- Made element_id optional argument for json_script template filter.
...
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
5e218cc0b7
Added Malay language.
2021-11-18 20:57:50 +01:00
8d9827c06c
Fixed #33161 -- Enabled durability check for nested atomic blocks in TestCase.
...
Co-Authored-By: Adam Johnson <me@adamj.eu>
2021-11-12 13:05:56 +01:00
0b95a96ee1
Removed DatabaseIntrospection.get_key_columns().
...
Thanks Simon Charette for the report.
2021-11-10 16:38:43 +01:00
91acfc3514
Fixed #33264 -- Made test runner return non-zero error code for unexpected successes.
2021-11-08 20:19:21 +01:00
4f8c7fd9d9
Fixed #32980 -- Made models cache related managers.
2021-11-08 08:44:12 +01:00
ba9ced3e9a
Fixed #33253 -- Reverted "Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage."
...
This reverts commit 91e21836f6
2021-11-05 12:11:18 +01:00
2c01ebb4be
Refs #33263 -- Expanded release notes for DeleteView adopting FormMixin.
2021-11-05 09:22:53 +01:00
fc565cb539
Fixed #27147 -- Allowed specifying bounds of tuple inputs for non-discrete range fields.
2021-11-04 19:08:57 +01:00
60503cc747
Corrected multiply defined labels in docs.
2021-11-04 10:46:01 +01:00
d811fa1d10
Added stub release notes for Django 3.2.10.
2021-11-01 10:41:06 +01:00
7ec603ba25
Added release date for 3.2.9.
2021-11-01 10:18:49 +01:00
073b7b5915
Fixed #33228 -- Changed value of BaseDatabaseFeatures.has_case_insensitive_like to False.
2021-10-28 17:56:29 +02:00
3f1f8b9376
Fixed #33182 -- Moved admin dark mode vars to separate stylesheet and template block.
2021-10-27 10:34:01 +02:00
480191244d
Fixed #25916 -- Added lastmod support to sitemap index view.
...
Co-authored-by: Matthew Downey <matthew.downey@webit.com.au>
2021-10-21 15:26:22 +02:00
69b0736fad
Refs #32956 -- Changed docs to treat the acronym HTTP phonetically.
2021-10-18 21:00:28 +02:00
86971c4090
Fixed #33194 -- Fixed migrations when altering a field with functional indexes/unique constraints on SQLite.
...
This adjusts Expressions.rename_table_references() to only update alias
when needed.
Regression in 83fcfc9ec8
2021-10-18 08:25:23 +02:00
32f1fe5f89
Fixed #29470 -- Logged makemigrations automatic decisions in non-interactive mode.
2021-10-12 15:19:39 +02:00
604df4e0ad
Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x.
2021-10-05 13:30:41 +02:00
c113f7fb0d
Added stub release notes for Django 3.2.9.
2021-10-05 09:39:20 +02:00
c5776bfca9
Added release date for 3.2.7.
2021-10-05 09:07:26 +02:00
c2f6c05c4c
Refs #32943 -- Added support for covering exclusion constraints using SP-GiST indexes on PostgreSQL 14+.
2021-10-01 13:11:37 +02:00
e76f9d5b44
Refs #32943 -- Added support for covering SP-GiST indexes on PostgreSQL 14+.
2021-10-01 13:11:34 +02:00
bd47b9bc81
Fixed #32961 -- Added BitXor() aggregate to django.contrib.postgres.
2021-10-01 10:32:39 +02:00
ad36a198a1
Fixed #33141 -- Renamed Expression.empty_aggregate_value to empty_result_set_value.
2021-09-29 12:58:01 +02:00
4ffada3609
Fixed #33136 -- Added GEOSGeometry.make_valid() method.
2021-09-27 09:58:28 +02:00
3f2170f720
Fixed typo in 4.0 release notes.
2021-09-22 15:17:01 +02:00
221b2f85fe
Fixed #33129 -- Dropped support for MariaDB 10.2.
2021-09-22 11:57:54 +02:00
b0ed619303
Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom.
...
Thanks Benjamin Locher for the report.
Regression in 30e59705fc
2021-09-21 19:58:00 +02:00
32b7ffc2bb
Increased the default PBKDF2 iterations for Django 4.1.
2021-09-20 21:23:01 +02:00
737fa72ae3
Refs #32191 -- Removed for the pre-Django 3.2 format of messages in CookieStorage.
...
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
05f3a6186e
Refs #32193 -- Removed MemcachedCache per deprecation timeline.
2021-09-20 21:23:01 +02:00
e2be307b3a
Refs #31235 -- Made assertQuerysetEqual() not call repr() on a queryset when compared to string values.
...
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
75d6c4ae6d
Refs #31180 -- Removed default_app_config application configuration variable per deprecation timeline.
2021-09-20 21:23:01 +02:00
d25710a625
Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline.
2021-09-20 21:23:01 +02:00
1cb495074f
Refs #31546 -- Removed support for boolean values in Command.requires_system_checks.
...
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
2e10abeb7f
Refs #31395 -- Removed support for assigning objects which don't support deepcopy() in setUpTestData().
...
Per deprecation timeline.
2021-09-20 21:23:01 +02:00
810bca5a1a
Added stub release notes for 4.1.
2021-09-20 21:23:01 +02:00
32f052be0a
Made cosmetic edits to docs/releases/4.0.txt.
2021-09-20 20:50:07 +02:00
01042c46f0
Removed empty sections from 4.0 release notes.
2021-09-20 20:07:23 +02:00
456466d932
Fixed #31026 -- Switched form rendering to template engine.
...
Thanks Carlton Gibson, Keryn Knight, Mariusz Felisiak, and Nick Pope
for reviews.
Co-authored-by: Johannes Hoppe <info@johanneshoppe.com>
2021-09-20 15:50:18 +02:00
ef4ef3b8f5
Fixed #32504 -- Updated admin's jQuery to 3.6.0.
2021-09-20 06:54:35 +02:00
0a9aa02e6f
Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site.
2021-09-18 12:27:28 +02:00
4e4082f939
Fixed #32492 -- Added TrigramWordSimilarity() and TrigramWordDistance() on PostgreSQL.
2021-09-17 13:05:15 +02:00
4555aa0a48
Fixed #27674 -- Deprecated GeoModelAdmin and OSMGeoAdmin.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-17 08:56:16 +02:00
306607d5b9
Fixed #32365 -- Made zoneinfo the default timezone implementation.
...
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick
Pope, and Paul Ganssle for reviews.
2021-09-16 12:11:05 +02:00
ec212c6616
Fixed #33012 -- Added Redis cache backend.
...
Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight,
Mariusz Felisiak, and Nick Pope for reviews and mentoring this
Google Summer of Code 2021 project.
2021-09-14 15:50:08 +02:00
676bd084f2
Fixed #32873 -- Deprecated settings.USE_L10N.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-14 12:05:43 +02:00
46c8df640c
Fixed #32219 -- Made InlineModelAdmin.verbose_name_plural fallback to its verbose_name.
2021-09-08 13:20:13 +02:00
4a43335d30
Fixed #30086 , Refs #32873 -- Made floatformat template filter independent of USE_L10N.
2021-09-08 08:37:27 +02:00
301a85a12f
Fixed #32076 -- Added async methods to BaseCache.
...
This also makes DummyCache async-compatible.
2021-09-07 20:14:25 +02:00
84c7c4a477
Fixed #32309 -- Added --exclude option to startapp/startproject management commands.
2021-09-01 12:08:02 +02:00
af10e97531
Added stub release notes for Django 3.2.8.
2021-09-01 09:48:32 +02:00
f3a0dc5b2a
Added release date for 3.2.7.
2021-09-01 07:40:01 +02:00
b667ac24ea
Fixed #25264 -- Allowed suppressing base command options in --help output.
...
This also suppresses -verbosity and --trackback options in the
runserver's help.
2021-08-31 11:04:02 +02:00
cbba49971b
Fixed #32992 -- Restored offset extraction for fixed offset timezones.
...
Regression in 10d1261984
2021-08-30 10:12:46 +02:00
d89f976bdd
Fixed #33054 -- Made TestCase.captureOnCommitCallbacks() capture callbacks recursively.
2021-08-30 07:06:22 +02:00
5942ab5eb1
Refs #32338 -- Made RadioSelect/CheckboxSelectMultiple render in <div> tags.
...
This improves accessibility for screen reader users.
2021-08-27 06:14:01 +02:00
b263f4b69d
Fixed #32552 -- Added logger argument to DiscoverRunner.
2021-08-24 09:23:01 +02:00
7800596924
Fixed #33014 -- Made ProjectState raise exception when real_apps argument is not a set.
2021-08-19 10:18:51 +02:00
c23aa73626
Fixed #32964 -- Corrected 'setup'/'set up' usage in docs.
2021-08-17 12:18:07 +02:00
d3c4696596
Fixed #27590 -- Allowed customizing a manifest file storage in ManifestFilesMixin.
2021-08-05 12:40:34 +02:00
4fe3774c72
Refs #32986 -- Moved TRANSLATOR_COMMENT_MARK to django.utils.translation.template.
2021-08-05 06:11:40 +02:00
4f3acf9579
Fixed #32984 -- Allowed customizing a deletion field widget in formsets.
2021-08-03 13:12:50 +02:00
ae89daf46f
Fixed #31621 -- Added support for '--parallel auto' to test management command.
2021-08-03 09:57:04 +02:00
947bdec60c
Added stub release notes for Django 3.2.7.
2021-08-02 08:41:29 +02:00
74a86e9b5e
Confirmed release date for Django 3.2.6.
2021-08-02 06:55:40 +02:00
fbb1984046
Refs #32956 -- Updated words ending in -wards.
...
AP styleguide: Virtually none of the words ending with -wards end with
an s.
2021-07-30 20:34:50 +02:00
7c30bdbdb1
Refs #32916 -- Replaced request.csrf_cookie_needs_reset with request.META['CSRF_COOKIE_NEEDS_UPDATE'].
2021-07-29 11:55:36 +02:00
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
5b8ef8aa5b
Refs #32946 -- Changed Query.add_filter() to take two arguments.
2021-07-28 09:38:42 +02:00
1cba320786
Refs #32956 -- Changed "afterwards" to "afterward" in docs and comments.
...
This also removes unnecessary comments with the previous spelling.
AP Stylebook has a short entry to advise the preferred spelling for
"en-us". "Afterwards" is preferred in British English.
2021-07-27 10:41:51 +02:00
20226fcd46
Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list.
...
Regression in c32d8f33d8
2021-07-26 06:09:29 +02:00
1783b3cb24
Fixed #32275 -- Added scrypt password hasher.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
c35b81b864
Fixed #32951 -- Removed Query.where_class & co.
...
Unused since 3caf957ed5
2021-07-22 08:49:20 +02:00
012f38f959
Refs #32949 -- Adjusted release note wording.
2021-07-21 11:34:47 +02:00
c542d0a072
Fixed #32949 -- Restored invalid number handling in DecimalField.validate().
...
DecimalField must itself validate() values, such as NaN, which cannot be
passed to validators, such as MaxValueValidator, during the
run_validators() phase.
Regression in cc3d24d7d5
2021-07-21 10:20:24 +02:00
fee8734596
Refs #10929 -- Deprecated forced empty result value for PostgreSQL aggregates.
...
This deprecates forcing a return value for ArrayAgg, JSONBAgg, and
StringAgg when there are no rows in the query. Now that we have a
``default`` argument for aggregates, we want to revert to returning the
default of ``None`` which most aggregate functions return and leave it
up to the user to decide what they want to be returned by default.
2021-07-19 13:41:16 +02:00
501a8db465
Fixed #10929 -- Added default argument to aggregates.
...
Thanks to Simon Charette and Adam Johnson for the reviews.
2021-07-19 13:04:27 +02:00
56f9579105
Fixed #32655 -- Deprecated extra_tests argument for DiscoverRunner.build_suite()/run_tests().
2021-07-16 20:46:41 +02:00
00c724f2f2
Fixed typo in docs/releases/3.1.13.txt.
2021-07-16 20:30:21 +02:00
84400d2e9d
Fixed #32905 -- Added CSS class for non-form errors of formsets.
2021-07-15 07:00:39 +02:00
3a45fea083
Fixed #21936 -- Allowed DeleteView to work with custom Forms and SuccessMessageMixin.
...
Thanks to Mariusz Felisiak for review.
Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: Caroline Simpson <github@hoojiboo.com>
2021-07-14 09:47:03 +02:00
f42ccdd835
Fixed #27021 -- Allowed lookup expressions in annotations, aggregations, and QuerySet.filter().
...
Thanks Hannes Ljungberg and Simon Charette for reviews.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-09 11:43:06 +02:00
90ba716bf0
Fixed #24522 -- Added a --shuffle option to DiscoverRunner.
2021-07-08 07:29:04 +02:00
77b88fe621
Fixed #32908 -- Allowed select_for_update(skip_locked) on MariaDB 10.6+.
2021-07-08 06:51:10 +02:00
a06b977a91
Fixed #32776 -- Added support for Array subqueries on PostgreSQL.
2021-07-06 07:36:52 +02:00
fa35c8bdbc
Fixed #30934 -- Included database alias in django.db.backends log messages.
...
This is useful when working with database routing as you want to know
where each query is being executed.
Co-authored-by: David Winterbottom <david.winterbottom@gmail.com>
2021-07-02 15:36:53 +02:00
9f3cce172f
Refs #26430 -- Re-introduced empty aggregation optimization.
...
The introduction of the Expression.empty_aggregate_value interface
allows the compilation stage to enable the EmptyResultSet optimization
if all the aggregates expressions implement it.
This also removes unnecessary RegrCount/Count.convert_value() methods.
Disabling the empty result set aggregation optimization when it wasn't
appropriate prevented None returned for a Count aggregation value.
Thanks Nick Pope for the review.
2021-07-02 07:25:42 +02:00
8feb2a49fa
Added CVE-2021-35042 to security archive.
2021-07-01 09:57:08 +02:00
bcea1a3193
Added stub release notes for Django 3.2.6.
2021-07-01 09:43:15 +02:00
dae83a2451
Forwardported release notes for CVE-2021-35042.
2021-07-01 09:42:54 +02:00
8e97698d7b
Added stub release notes for 3.1.13 and release date for 3.2.5.
2021-07-01 06:52:41 +02:00
cd124295d8
Fixed #32381 -- Made QuerySet.bulk_update() return the number of objects updated.
...
Co-authored-by: Diego Lima <diego.lima@lais.huol.ufrn.br>
2021-06-29 06:58:46 +02:00
495083e3e1
Updated translations from Transifex.
...
Forwardport of 04b744050f
2021-06-28 07:08:39 +02:00
1bbb98d9a4
Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell
...
By default, this means that readline is properly registered, so that
.python_history is used.
sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-23 14:53:41 +02:00
7a9745fed4
Fixed #32863 -- Skipped system check for specifying type of auto-created primary keys on models with invalid app_label.
...
Regression in b5e12d490a
2021-06-22 20:47:15 +02:00
854e9b0668
Fixed #32824 -- Improved performance of NodeList.render().
...
This avoids the following:
- checking that each item in the nodelist is a subclass of Node,
- calling str() on the render_annotated() output, because it's
documented that Node.render() must return a string,
- calling mark_safe() on the output, when the value to be wrapped is
definitively known to be a string because the result of ''.join()
is always of that type,
- using an intermediate list to store each individual string.
2021-06-11 12:22:06 +02:00
fa0433d05f
Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+.
...
Regression in d4ac23bee1
2021-06-10 20:03:43 +02:00
57bc16b38e
Refs #32503 -- Added release notes for 5e04e84d67.
2021-06-10 20:03:43 +02:00
8c3bd0b708
Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL.
2021-06-08 07:46:51 +02:00
0393b9262d
Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
...
Regression in 981a072dd4
2021-06-04 07:23:16 +02:00
d9cee3f5f2
Fixed docs header underlines in security archive.
2021-06-02 12:16:38 +02:00
ba10772bf6
Added stub release notes for Django 3.2.5.
2021-06-02 11:25:32 +02:00
a39f235ca4
Added CVE-2021-33203 and CVE-2021-33571 to security archive.
2021-06-02 11:15:54 +02:00
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
46572de2e9
Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:58:39 +02:00
f66ae7a2d5
Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-06-02 10:19:19 +02:00
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
2021-06-01 15:11:42 +02:00
a0410ffe8f
Refs #32552 -- Added DiscoverRunner.log() to allow customization.
...
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
91e21836f6
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
2021-05-31 11:09:48 +02:00
b9df2b74b9
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
...
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
b746596f5f
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
2021-05-28 10:50:27 +02:00
e93eb3d971
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
2021-05-27 21:05:28 +02:00
e513fb0e77
Fixed typo in MiddlewareMixin deprecation note.
2021-05-27 06:17:30 +02:00
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c5
2021-05-26 11:19:47 +02:00
1143f3bb5e
Fixed #32543 -- Added search_help_text to ModelAdmin.
2021-05-26 10:20:13 +02:00
b46dbd4e3e
Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-05-26 10:16:05 +02:00
68357b2ca9
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
2021-05-26 09:41:29 +02:00
7cca22964c
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
...
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
66491f08fe
Changed IRC references to Libera.Chat.
2021-05-20 12:23:36 +02:00
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
c2e6047c72
Fixed #32740 -- Caught possible exception when initializing colorama.
2021-05-19 10:33:15 +02:00
8cd55021bc
Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
...
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
958cdf65ae
Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4
2021-05-18 18:24:19 +02:00
a24fed399c
Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
...
Regression in b5e12d490a
2021-05-18 13:02:33 +02:00
f7691d4812
Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
...
Regression in ba31b01034
2021-05-18 09:14:05 +02:00
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00
7c4ee487c7
Refs #32720 -- Fixed some broken links in docs.
2021-05-17 09:22:17 +02:00
1c3bbcf802
Refs #32720 -- Used full hashes in security archive.
2021-05-17 08:27:46 +02:00
df5c96299a
Corrected commit hashes for security patches.
2021-05-17 08:26:06 +02:00
8c4caee76a
Refs #32720 -- Used :commit: and :source: role in old release notes.
2021-05-17 07:36:57 +02:00
820408d842
Added stub release notes for Django 3.2.4.
2021-05-13 09:42:26 +02:00
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
2021-05-13 08:53:44 +02:00
b81c7562fc
Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
...
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc
2021-05-13 07:26:52 +02:00
3733ae8957
Fixed #32031 -- Added model class for each model to AdminSite.each_context().
2021-05-13 06:57:09 +02:00
29e4ccb1a2
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
2021-05-12 14:42:17 +02:00
1061f52436
Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
...
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes.
2021-05-12 10:42:01 +02:00
205c36b58f
Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.
2021-05-07 20:03:46 +02:00
028f10fac6
Fixed #32712 -- Deprecated django.utils.baseconv module.
2021-05-07 11:57:40 +02:00
29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
efebcc429f
Added CVE-2021-32052 to security archive.
2021-05-06 09:58:24 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
96f55ccf79
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b6594305
2021-05-05 08:43:57 +02:00
62b2e8b37e
Added commits for CVE-2021-31542 to security archive.
2021-05-04 11:09:21 +02:00
607ebbfba9
Added CVE-2021-31542 to security archive.
2021-05-04 11:06:07 +02:00
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00
907d3a7ff4
Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated.
2021-04-29 13:53:56 +02:00
baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
...
Follow up to 1871182031
2021-04-29 12:04:30 +02:00
4ab3ef238e
Fixed #32675 -- Doc'd that autodector changes might cause generation of no-op migrations.
...
Follow up to aa4acc164d
2021-04-29 07:46:22 +02:00
c8b6594305
Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdc
2021-04-28 12:13:55 +02:00
6e742dabc9
Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb876
2021-04-27 10:43:35 +02:00
1871182031
Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a1
2021-04-27 10:34:47 +02:00
4e5bbb6ef2
Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205
2021-04-26 07:08:16 +02:00
6d0cbe42c3
Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
...
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9#27149 ).
Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
...
Thanks Jared Lockhart for the report.
Regression in c36075ac1d
2021-04-21 09:41:37 +02:00
5c73fbb6a9
Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
...
Regression in 30e59705fc
2021-04-21 08:31:06 +02:00
54e94640ac
Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite.
2021-04-20 11:44:41 +02:00
4511d14598
Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
...
Thanks Jan Pieter Waagmeester for the report.
Regression in 2d6179c819
2021-04-14 22:52:59 +02:00
ca98729055
Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
...
Thanks Matt Westcott for the report.
Regression in 779e615e36
2021-04-14 21:11:17 +02:00
338eb65b6e
Refs #32548 -- Forwardported 3.2.1 release note.
2021-04-14 20:25:58 +02:00
08c60cce3b
Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.
2021-04-14 16:50:47 +02:00
23fa29f6a6
Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes.
...
Thanks Dlis for the report.
Regression in 26a413507a
2021-04-14 12:23:47 +02:00
a77c9a4229
Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition.
...
Regression in b7b7df5fbc
2021-04-14 10:06:18 +02:00
3b8527e32b
Fixed #32637 -- Restored exception message on technical 404 debug page.
...
Thanks Atul Varma for the report.
2021-04-13 09:15:04 +02:00
9760e262f8
Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns.
2021-04-12 21:11:40 +02:00
45a58c31e6
Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD.
2021-04-08 13:17:08 +02:00
30e123ed35
Fixed #32575 -- Added support for SpatiaLite 5.
2021-04-08 09:36:29 +02:00
3ae4344bbd
Dropped support for GEOS 3.5 and GDAL 2.0.
2021-04-07 20:39:30 +02:00
98abc0c90e
Fixed #32501 -- Added support for returning fields from INSERT statements on SQLite 3.35+.
2021-04-07 20:09:56 +02:00
3f2920ae1d
Corrected release number format in 3.2.1 release notes.
2021-04-07 19:44:29 +02:00
e3cfba0029
Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.
2021-04-07 15:54:24 +02:00
5b05a45c62
Corrected wrapping in 3.2 release notes.
...
Partially reverts 0802b404a2
2021-04-07 07:27:31 +02:00
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
0802b404a2
Added release date for Django 3.2.
...
Adjusted wrapping in release notes where needed.
2021-04-06 11:20:59 +02:00
5aea50e57f
Updated asgiref dependency for 3.2 release series.
2021-04-06 10:38:43 +02:00
1eac8468cb
Added CVE-2021-28658 to security archive.
2021-04-06 09:42:31 +02:00
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
e32722d160
Fixed #32383 -- Added source map support to ManifestStaticFilesStorage.
2021-04-02 12:21:21 +02:00
d915dd1c58
Fixed #32204 -- Added quick filter to admin's navigation sidebar.
2021-03-31 09:31:37 +02:00
7248afe12f
Refs #32105 -- Moved ExceptionReporter template paths to properties.
...
Refs #32316 .
2021-03-31 08:41:57 +02:00
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
038940cf55
Fixed #29127 -- Prevented DiscoverRunner from hiding tagged test with syntax errors.
...
This mades _FailedTest objects always match tags in DiscoverRunner.
2021-03-30 10:26:20 +02:00
2f13c476ab
Fixed #31487 -- Added precision argument to Round().
2021-03-29 09:43:08 +02:00
3a185cee2a
Fixed #32573 -- Fixed bounds in __iso_year lookup optimization.
2021-03-23 21:27:55 +01:00
41e6b2a3c5
Fixed #32556 -- Fixed handling empty string as non-boolean attributes value by assertHTMLEqual().
2021-03-19 20:41:57 +01:00
474cc420bf
Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.
2021-03-19 08:04:37 +01:00
2411b8b5eb
Fixed #16010 -- Added Origin header checking to CSRF middleware.
...
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
dba44a7a7a
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
2021-03-18 20:00:22 +01:00
f6713cda89
Fixed #31370 -- Added support for parallel tests with --buffer.
2021-03-18 15:30:47 +01:00
45814af619
Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error.
2021-03-17 20:56:09 +01:00
d828beb68f
Fixed #32529 -- Delayed creating a test suite in build_suite().
2021-03-11 10:02:06 +01:00
ba9a2b7544
Refs #32508 -- Raised TypeError instead of using "assert" on unsupported operations for sliced querysets.
2021-03-10 09:16:28 +01:00
d01709aae2
Fixed #24141 -- Added QuerySet.contains().
2021-03-06 20:40:29 +01:00
f55f3ce831
Fixed #32493 -- Removed redundant never_cache uses from admin views.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2021-03-03 09:13:07 +01:00
8380fe08a0
Fixed #32456 -- Added dbshell support for specifying a password file on PostgreSQL.
2021-03-01 09:33:49 +01:00
0c7e880e13
Fixed typos in assertQuerysetEqual() docs and 1.6 release notes.
2021-02-26 09:10:52 +01:00
e0f82d7992
Added stub release notes for 3.1.8.
2021-02-25 20:27:10 +01:00
7cc6899d41
Updated links to DEPs.
2021-02-25 17:22:07 +01:00
3089018e95
Fixed #32446 -- Deprecated SERIALIZE test database setting.
...
Whether or not the state of a test database should be serialized can be
inferred from the set of databases allowed to be access from discovered
TestCase/TransactionTestCase enabling the serialized_rollback feature
which makes this setting unnecessary.
This should make a significant test suite bootstraping time difference
on large projects that didn't explicitly disable test database
serialization.
2021-02-24 20:31:11 +01:00
3aa545281e
Fixed #30916 -- Added support for functional unique constraints.
...
Thanks Ian Foote and Mariusz Felisiak for reviews.
2021-02-23 20:19:53 +01:00
ab58f07250
Added CVE-2021-23336 to security archive.
2021-02-19 11:02:32 +01:00
0ad9fa02e0
Refs CVE-2021-23336 -- Updated tests and release notes for affected versions.
2021-02-19 09:03:06 +01:00
d02d60eb0f
Added documentation extlink for bugs.python.org.
2021-02-17 14:24:42 +01:00
3119a6deca
Fixed #26607 -- Allowed customizing formset kwargs with ModelAdmin.get_formset_kwargs().
...
Thanks Nick Pope for reviews.
2021-02-15 11:37:35 +01:00
3fa1ed53be
Refs #32394 -- Rephrased release note for STATIC_URL change.
2021-02-13 20:07:55 +01:00
dcb094abe8
Fixed #32421 -- Made admindocs ModelDetailView show model cached properties.
2021-02-11 06:50:50 +01:00
Jacob Walls
Keryn Knight
David
Baptiste Mispelon
Petter Friberg
Carlton Gibson
Florian Apolloner
Hannes Ljungberg
Mariusz Felisiak
Brenton Partridge
Simon Charette
mgaligniana
Jeremy Lainé
Shreya Bamne
Nick Pope
Maxim Piskunov
Przemysław Suliga
Chris Jerdonek
Ryuji Tsutsui
jhisham
Krzysztof Jagiello
Guilherme Martins Crocetti
Chinmoy
Matteo Vitali
David Wobrock
Claude Paroz
Jero Bado
Carlton Gibson
Ken Whitesell
Nikita Marchant
Giannis Adamopoulos
Daniyal
Siburg
Andrew-Chen-Wang
sage
Jan Szoja
Eugene Morozov
Andrew Northall
Jarosław Wygoda
Ties Jan Hefting
Adam Johnson
David Smith
Tom Wojcik
ryowright
yakimka
Ian Foote
abhiabhi94
Peter Inglesby
Hasan Ramezani
Sanskar Jaiswal
Takayuki Hirayama
Gildardo Adrian Maravilla Jacome
Mohammadreza Varasteh
Rohith PR
David Sanders
Rust Saiargaliev
Slava Skvortsov
Raffaele Salmaso
Jordi Castells
Tim Graham
Konstantin Alekseev
Zain Patel
Tobias Bengfort
Arthur Jovart
Iuri de Silvio
girishsontakke
Maxim Milovanov
William Schwartz
bankc
Nick Pope
Florian Demmer
Johan Schiff
tim-mccurrach
Jacob Walls
Markus Holtermann
manav014
Ramon Saraiva