2a62cdcfec
[2.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.
...
Backport of 78eeff8d33
2022-04-11 10:37:53 +02:00
d3731c9431
[2.2.x] Post-release version bump.
2022-04-11 09:29:13 +02:00
5c3300027b
[2.2.x] Bumped version for 2.2.28 release.
2022-04-11 09:25:38 +02:00
29a6c98b4c
[2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
...
Backport of 6723a26e59
2022-04-11 09:23:12 +02:00
2c09e68ec9
[2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
Backport of 93cae5cb2f
2022-04-11 09:22:17 +02:00
8352b98e46
[2.2.x] Added stub release notes for 2.2.28.
...
Backport of 78277faafd
2022-04-04 10:55:50 +02:00
2801f29dad
[2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
...
This reverts commit 1d9d082acfabfdb4d7f3
2022-03-26 12:29:29 +01:00
e03648f09c
[2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
...
See https://github.com/pallets/jinja/pull/1621 .
Backport of 1d9d082acf
2022-03-25 08:54:13 +01:00
9d13d8c10b
[2.2.x] Fixed typo in release notes.
...
Backport of 770d3e6a4c
2022-02-02 07:20:28 +01:00
047ece3014
[2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
...
Backport of 9e0df0d6dd
2022-02-01 08:54:34 +01:00
2427b2fee3
[2.2.x] Post-release version bump.
2022-02-01 08:10:18 +01:00
e541f2d05b
[2.2.x] Bumped version for 2.2.27 release.
2022-02-01 08:07:46 +01:00
c477b76180
[2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
Backport of fc18f36c4a
2022-02-01 07:57:28 +01:00
c27a7eb9f4
[2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
...
Thanks Keryn Knight for the report.
Backport of 394517f078
2022-02-01 07:56:29 +01:00
4cafd3aacb
[2.2.x] Added stub release notes 2.2.27.
...
Backport of eeca934238
2022-01-25 07:29:28 +01:00
77d0fe5868
[2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive.
...
Backport of 63869ab1f1
2022-01-04 11:39:54 +01:00
e085d46e4b
[2.2.x] Post-release version bump.
2022-01-04 10:36:12 +01:00
44e7cca623
2.2.x] Bumped version for 2.2.26 release.
2022-01-04 10:30:01 +01:00
4cb35b384c
[2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
...
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:20:31 +01:00
c9f648ccfa
[2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
...
Thanks to Dennis Brinkrolf for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:20:31 +01:00
2135637fdd
[2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:20:31 +01:00
03b733d8a8
[2.2.x] Added stub release notes for 2.2.26 release.
2021-12-28 10:10:15 +01:00
b87820668e
[2.2.x] Refs #33365 , Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10.
...
Follow up to d4dcd5b9dd5de12a369a
2021-12-15 18:56:38 +01:00
573e70ea48
[2.2.x] Added CVE-2021-44420 to security archive.
...
Backport of 8747052411
2021-12-07 08:56:25 +01:00
8439938602
[2.2.x] Post-release version bump.
2021-12-07 07:05:38 +01:00
79d8dcefb2
[2.2.x] Bumped version for 2.2.25 release.
2021-12-07 07:03:33 +01:00
7cf7d74e8a
[2.2.x] Fixed #30530 , CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
...
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
Backport of d4dcd5b9dd
2021-12-07 07:02:14 +01:00
0007a5f9fa
[2.2.x] Added requirements.txt to files ignored by Sphinx builds.
...
Backport of 0cf2d48ba8
2021-11-30 12:12:07 +01:00
fac0fdd95d
[2.2.x] Added stub release notes for 2.2.25.
...
Backport of ae4077e13e
2021-11-30 11:31:56 +01:00
4bc10b7955
[2.2.x] Fixed crash building HTML docs since Sphinx 4.3.
...
See dd2ff3e911f0480ddd2d
2021-11-18 13:33:29 +01:00
5289fcfffe
[2.2.x] Configured Read The Docs to build all formats.
...
`all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats )). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable?
Backport of 1fe23bdd29
2021-11-18 12:25:47 +01:00
9a4a2b2089
[2.2.x] Refs #33247 -- Corrected configuration for Read The Docs.
...
This pins Sphinx version, because the default Sphinx version used by
RTD is not compatible with Python 3.8+.
This also, sets Python 3.8 for RTD builds which is compatible with all
current versions of Django.
Thanks to Mariusz Felisiak for the suggestion.
Backport of 447b6c866f
2021-11-03 19:05:19 +01:00
029c830b71
[2.2.x] Fixed #33247 -- Added configuration for Read The Docs.
...
Co-authored-by: Andrew Neitsch <andrew@neitsch.ca>
Backport of 0da7a2e9da
2021-11-03 19:04:59 +01:00
12141e3116
[2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required.
...
Follow up to 837ffcfa68
2021-11-03 08:42:27 +01:00
cf63dd5c1b
[2.2.x] Added 'formatter' to spelling wordlist.
...
Backport of e43a131887
2021-10-12 15:18:17 +02:00
05bc1c81aa
[2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+.
...
Thanks Michał Górny for the report.
Backport of 50ed545e2f
2021-09-02 11:06:10 +02:00
a9c0aa11e7
[2.2.x] Refs #31676 -- Updated technical board description in organization docs.
...
According to DEP 0010.
Backport of f2ed2211c2
2021-07-30 11:53:15 +02:00
66008c2af0
[2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs.
...
According to DEP 0010.
Backport of 228ec8e015
2021-07-30 11:52:46 +02:00
d4d1c2b3db
[2.2.x] Refs #31676 -- Removed Core team from organization docs.
...
According to DEP 0010.
Backport of caa2dd08c4
2021-07-30 11:52:43 +02:00
8f59f72a20
[2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs.
...
Backport of 37e8367c35
2021-07-13 20:26:17 +02:00
837ffcfa68
[2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required.
2021-06-21 13:06:31 +02:00
dc43667eab
[2.2.x] Fixed docs header underlines in security archive.
...
Backport of d9cee3f5f2
2021-06-02 12:29:11 +02:00
3e7bb564be
[2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.
...
Backport of a39f235ca4
2021-06-02 11:19:59 +02:00
48bde7cab4
[2.2.x] Post-release version bump.
2021-06-02 10:36:52 +02:00
2da029d854
[2.2.x] Bumped version for 2.2.24 release.
2021-06-02 10:28:20 +02:00
f27c38ab5d
[2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:26:22 +02:00
053cc9534d
[2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:26:22 +02:00
6229d8794f
[2.2.x] Confirmed release date for Django 2.2.24.
...
Backport of f66ae7a2d5
2021-06-02 10:23:20 +02:00
f163ad5c63
[2.2.x] Added stub release notes and date for Django 2.2.24.
...
Backport of b46dbd4e3e
2021-05-26 10:21:53 +02:00
bed1755bc5
[2.2.x] Changed IRC references to Libera.Chat.
...
Backport of 66491f08fe
2021-05-20 12:42:48 +02:00
Mariusz Felisiak
David Smith
Markus Holtermann
Carlton Gibson
Florian Apolloner
Adam Johnson
Carlton Gibson