p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
28,680 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

28680 Commits

Author SHA1 Message Date
Mariusz Felisiak 020bb45b03 [3.1.x] Post-release version bump. 2021-05-06 09:06:53 +02:00
Mariusz Felisiak a2407cd67b [3.1.x] Bumped version for 3.1.10 release. 2021-05-06 09:04:41 +02:00
Mariusz Felisiak afb23f5929 [3.1.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603

Backport of e1e81aa1c4 from main.
 2021-05-06 08:50:52 +02:00
Carlton Gibson fdbf4a7c16 [3.1.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows. 
The validate_file_name() sanitation introduced in
0b79eb3691 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2a to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.

Backport of a708f39ce6 from main
 2021-05-06 07:42:45 +02:00
Carlton Gibson 48b39a8e99 [3.1.x] Added CVE-2021-31542 to security archive. 
Backport of 607ebbfba9 and
62b2e8b37e from main
 2021-05-04 11:13:11 +02:00
Carlton Gibson 80124410fa [3.1.x] Post-release version bump. 2021-05-04 10:32:07 +02:00
Carlton Gibson 8284fd67b4 [3.1.x] Bumped version for 3.1.9 release. 2021-05-04 10:25:17 +02:00
Florian Apolloner 25d84d6412 [3.1.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-04-27 19:12:15 +02:00
Mariusz Felisiak 6b0c7e6f50 [3.1.x] Added CVE-2021-28658 to security archive. 
Backport of 1eac8468cb from main
 2021-04-06 09:46:21 +02:00
Mariusz Felisiak 5b9ca81f42 [3.1.x] Post-release version bump. 2021-04-06 08:31:58 +02:00
Mariusz Felisiak c4928c9115 [3.1.x] Bumped version for 3.1.8 release. 2021-04-06 08:27:37 +02:00
Mariusz Felisiak cca0d98118 [3.1.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1a from main.
 2021-04-06 08:25:24 +02:00
tim-mccurrach 6eb01cb052 [3.1.x] Fixed #32576 -- Corrected dumpdata docs for passing model names to the --exclude option. 
Backport of cf2f6fc558 from main
 2021-03-22 08:45:20 +01:00
Mariusz Felisiak 11d241dcf7 [3.1.x] Refs #25735 -- Added tags/exclude_tags arguments to DiscoverRunner docs. 
Backport of 37044817f9 from main.
 2021-03-19 08:11:22 +01:00
Mariusz Felisiak 4a10c312c7 [3.1.x] Added parallel argument to DiscoverRunner docs. 
Follow up to cd9fcd4e80.

Backport of f099ef3ef5 from main.
 2021-03-19 08:09:46 +01:00
Mariusz Felisiak c528c71007 [3.1.x] Corrected DiscoverRunner.build_suite() signature. 
Follow up to 9012833af8.

Backport of fc6fba0aa9 from main
 2021-03-19 08:08:07 +01:00
Adam Johnson 95ee8fecb5 [3.1.x] Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error. 
Backport of 45814af619 from main
 2021-03-17 21:51:51 +01:00
Jozef b58b214856 [3.1.x] Fixed typo in docs/topics/testing/advanced.txt. 
Backport of 6993e1bf6d from main
 2021-03-17 18:50:24 +01:00
Hasan Ramezani 0415ac5af9 [3.1.x] Fixed #32536 -- Added links to BaseDetailView/BaseListView.get() methods in CBV docs. 
Backport of bc04941bf8 from main
 2021-03-16 08:04:28 +01:00
Hasan Ramezani 7c662b75f6 [3.1.x] Fixed typo in docs/ref/checks.txt. 
Backport of 50ef9dfac2 from main
 2021-03-15 09:42:47 +01:00
Mariusz Felisiak 069c338b5e [3.1.x] Updated datum directory for PROJ 6 in GIS install instructions. 
Backport of 4d912e6697 from main
 2021-03-15 08:21:32 +01:00
Mariusz Felisiak 5ab1b7bc26 [3.1.x] Refs #32483 -- Doc'd caveat about using JSONField key transforms to booleans with QuerySet.values()/values_list() on SQLite. 
Backport of c6b07627fc from master
 2021-03-04 11:31:22 +01:00
Mariusz Felisiak 72e2cbe38f [3.1.x] Fixed typo in docs/ref/contrib/postgres/fields.txt. 
Backport of 05bbff8263 from master
 2021-03-04 10:44:40 +01:00
Hasan Ramezani 05066ad961 [3.1.x] Corrected admin.E023 message in docs. 
Backport of d1f89c9b9a from master
 2021-03-04 09:22:01 +01:00
Mariusz Felisiak 350c69113a [3.1.x] Updated links to djangoproject.com/code.djangoproject.com repositories. 
Backport of 2b1de3dd24 from master
 2021-03-03 09:07:33 +01:00
Jacob Walls 200b71b593 [3.1.x] Fixed typos in assertQuerysetEqual() docs and 1.6 release notes. 
Backport of 0c7e880e13 from master
 2021-02-26 09:12:22 +01:00
Mariusz Felisiak bdad3eb7ec [3.1.x] Added stub release notes for 3.1.8. 
Backport of e0f82d7992 from master
 2021-02-25 20:30:29 +01:00
Markus Holtermann 7fffdc4aad [3.1.x] Updated links to DEPs. 
Backport of 7cc6899d41 from master
 2021-02-25 17:27:54 +01:00
Carlton Gibson 3668da8de8 [3.1.x] Added CVE-2021-23336 to security archive. 
Backport of ab58f07250 from master
 2021-02-19 11:05:36 +01:00
Carlton Gibson 87481ea20c [3.1.x] Post-release version bump. 2021-02-19 09:40:16 +01:00
Carlton Gibson 56f2cccc01 [3.1.x] Bumped version for 3.1.7 release. 2021-02-19 09:39:23 +01:00
Nick Pope 8f6d431b08 [3.1.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). 2021-02-18 10:15:30 +01:00
Nick Pope 536d1174bb [3.1.x] Added documentation extlink for bugs.python.org. 
Backport of d02d60eb0f from master
 2021-02-17 14:26:48 +01:00
David Smith 921ffcbb03 [3.1.x] Fixed #32438 -- Fixed typo in docs/topics/testing/tools.txt. 
Backport of e412b28845 from master
 2021-02-12 09:21:42 +01:00
Anil Khatri b1416cbc8b [3.1.x] Fixed #32430 -- Doc'd base class-based views. 
Backport of 6ee86a12ee from master
 2021-02-08 17:34:24 +01:00
Anil Khatri 4f5e550cda [3.1.x] Fixed #32408 -- Doc'd django.views.generic.detail.BaseDetailView. 
Backport of de4492fbb1 from master
 2021-02-08 07:09:09 +01:00
Mariusz Felisiak efaf9f4ac9
[3.1.x] Fixed backends.postgresql.tests.Tests.test_nodb_cursor_raises_postgres_authentication_failure(). 
Follow up to 9efe832ee1.
 2021-02-05 06:08:08 +01:00
Christopher Keith 5dec57a6fc [3.1.x] Fixed #31550 -- Adjusted ASGI test_file_response for various Windows content types. 
Backport of 76181308fb from master
 2021-02-04 21:58:38 +01:00
Carlton Gibson 30b771766b [3.1.x] Corrected typo in advice to new contributors. 
Backport of e48e78738e from master
 2021-02-04 16:03:26 +01:00
GabbyPrecious 526a6f0d25 [3.1.x] Refs #32412 -- Adjusted link from tutorial to reference docs. 
The writing code index page is a better location for a newer contributor to
land, than the specific patch guidelines subpage.

Backport of aa29c57bee from master
 2021-02-04 10:39:22 +01:00
GabbyPrecious fdeca77215 [3.1.x] Refs #32412 -- Adjusted beginning of Advice for new contributors. 
With the goal of guiding folks to the right destination:

* Improved wording of tutorial call-out.
* Added summary of page purpose.
* Added link to Writing code reference doc.

Backport of e733c9ac17 from master
 2021-02-04 10:39:18 +01:00
Mariusz Felisiak 9efe832ee1 [3.1.x] Fixed #32403 -- Fixed re-raising DatabaseErrors when using only 'postgres' database. 
Thanks Kazantcev Andrey for the report.

Regression in f48f671223.
Backport of f131841c60 from master
 2021-02-02 21:36:06 +01:00
Brad Solomon 2d560af8fb [3.1.x] Fixed typo in docs/ref/forms/widgets.txt. 
Backport of f9cfd346f0 from master
 2021-02-01 12:05:49 +01:00
Mariusz Felisiak 65d4c59da9 [3.1.x] Added stub release notes for 3.1.7. 
Backport of 8d3c3a5717 from master
 2021-02-01 10:55:28 +01:00
Mariusz Felisiak a930e77a83 [3.1.x] Added CVE-2021-3281 to security archive. 
Backport of f749148d62 from master
 2021-02-01 10:46:17 +01:00
Mariusz Felisiak 69a40b6dbe [3.1.x] Post-release version bump. 2021-02-01 09:47:27 +01:00
Mariusz Felisiak 3235a7b807 [3.1.x] Bumped version for 3.1.6 release. 2021-02-01 09:33:22 +01:00
Mariusz Felisiak 02e6592835 [3.1.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c from master.
 2021-02-01 09:13:58 +01:00
Mariusz Felisiak 03a86784d0 [3.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database. 
Backport of 135c800fe6 from master
 2021-01-29 11:03:04 +01:00
Adam Johnson a271d8c15c [3.1.x] Modernized custom manager example 
Since this example was added 15 years ago in a8ccdd0fcd, the ORM has gained the ability to do the `COUNT(*)` related query, so do it with the ORM to avoid misleading users that raw SQL is only supported from manager methods.

Backport of 59e503b670 from master
 2021-01-28 16:02:15 +01:00