4036d62bda
[2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
Backport of d4d800ca1a
2021-04-06 08:38:19 +02:00
6e58828f8b
[2.2.x] Added CVE-2021-23336 to security archive.
...
Backport of ab58f07250
2021-02-19 11:07:56 +01:00
1fb4628a83
[2.2.x] Post-release version bump.
2021-02-19 09:45:49 +01:00
21a5547793
[2.2.x] Bumped version for 2.2.19 release.
2021-02-19 09:44:55 +01:00
fd6b6afd59
[2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl().
2021-02-18 10:27:25 +01:00
226d831918
[2.2.x] Added documentation extlink for bugs.python.org.
...
Backport of d02d60eb0f
2021-02-17 14:28:05 +01:00
34010d8ffa
[2.2.x] Added CVE-2021-3281 to security archive.
...
Backport of f749148d62
2021-02-01 10:47:08 +01:00
06ae7e0742
[2.2.x] Post-release version bump.
2021-02-01 09:49:28 +01:00
fc0c8cfa49
[2.2.x] Bumped version for 2.2.18 release.
2021-02-01 09:43:16 +01:00
21e7622dec
[2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
Backport of 05413afa8c
2021-02-01 09:14:54 +01:00
ee9d623831
[2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
...
Backport of 135c800fe6
2021-01-29 11:03:59 +01:00
e8e28e747f
[2.2.x] Updated CVE URL.
...
Backport of 656b331b13
2021-01-02 12:51:06 +01:00
e893c0ad8b
[2.2.x] Fixed #31850 -- Fixed BasicExtractorTests.test_extraction_warning with xgettext 0.21+.
...
"format string with unnamed arguments cannot be properly localized"
warning is not raised in xgettext 0.21+.
This patch uses a message that causes an xgettext warning regardless of
the version.
Backport of 07a30f5616
2020-11-02 10:30:40 +01:00
3da29a30c6
[2.2.x] Post-release version bump.
2020-11-02 08:55:25 +01:00
c769f65c98
[2.2.x] Bumped version for 2.2.17 release.
2020-11-02 08:49:01 +01:00
3db9a7aa8b
[2.2.x] Set release date for 2.2.17.
...
Backport of 7fc07b9b2b
2020-11-02 08:39:12 +01:00
b4b8ca4895
[2.2.x] Refs #31040 -- Doc'd Python 3.9 compatibility.
...
Backport of e18156b6c3
2020-10-13 08:45:37 +02:00
01742aa932
[2.2.x] Refs #31040 -- Fixed Python PendingDeprecationWarning in select_for_update.tests.
...
Backport of 0dd2308cf6
2020-10-12 12:21:33 +02:00
87b9a8b4de
[2.2.x] Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.
...
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402 .
Backport of 1960d55f8b
2020-10-07 09:16:58 +02:00
657fea55cb
[2.2.x] Skipped GetImageDimensionsTests.test_webp when WEBP is not installed.
...
Bumped minimum Pillow version to 4.2.0 in test requirements.
Backport of fce389af7c
2020-10-06 11:32:34 +02:00
0f6e73e567
[2.2.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive.
...
Backport of d5b526bf78
2020-09-01 11:39:59 +02:00
65078cf060
[2.2.x] Added CVE-2020-13254 and CVE-2020-13596 to security archive.
...
Backport of 54975780ee
2020-09-01 11:39:57 +02:00
0696540e23
[2.2.x] Post-release version bump.
2020-09-01 10:43:21 +02:00
bf07047f45
[2.2.x] Bumped version for 2.2.16 release.
2020-09-01 10:30:56 +02:00
dfcecb6e6c
[2.2.x] Added release date for 2.2.16.
...
Backport of 976e2b7420
2020-09-01 10:00:28 +02:00
a3aebfdc81
[2.2.x] Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
...
Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
2020-08-25 11:09:40 +02:00
375657a71c
[2.2.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
...
Thanks WhiteSage for the report.
Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
2020-08-25 10:59:42 +02:00
dc39e62e6b
[2.2.x] Refs #31863 -- Added release notes for 94ea79be13.
...
Backport of 21768a99f4
2020-08-13 16:32:58 +02:00
0a7d321bf7
[2.2.x] Fixed #31863 -- Prevented mutating model state by copies of model instances.
...
Regression in bfb746f98394ea79be13
2020-08-13 15:28:21 +02:00
839f906a23
[2.2.x] Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()).
...
Backport of 60626162f7
2020-08-11 12:33:18 +02:00
30706246e7
[2.2.x] Added stub release notes for 2.2.16.
...
Backport of 8a5683b6b2
2020-08-11 11:14:35 +02:00
337dd0221e
[2.2.x] Post-release version bump.
2020-08-03 09:12:12 +02:00
bf6c58435d
[2.2.x] Bumped version for 2.2.15 release.
2020-08-03 09:10:01 +02:00
b70595c94c
[2.2.x] Added release date for 2.2.15.
...
Backport of b68b8cb89a
2020-08-03 08:58:00 +02:00
d74e1c0521
[2.2.x] Pinned geoip2 < 4.0.0 in test requirements.
...
geoip2 4+ doesn't support Python 3.5.
2020-07-23 10:07:35 +02:00
eb81593875
[2.2.x] Fixed #31805 -- Fixed SchemaTests.tearDown() when table names are case-insensitive.
...
Backport of fd53db842c
2020-07-22 12:52:45 +02:00
1a3835fdf3
[2.2.x] Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.
...
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.
See https://bugs.python.org/issue39073
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 96a3ea39ef
2020-07-20 08:11:30 +02:00
f1a6e6c817
[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Backport of 331324ecce
2020-07-16 09:35:35 +02:00
6f09ee2be3
[2.2.x] Fixed #30945 -- Doc'd plural equations changes in 2.2. release notes.
...
Backport of 392036be29
2020-07-03 09:39:49 +02:00
5968a23e15
[2.2.x] Fixed ForeignKeyRawIdWidgetTest.test_render_unsafe_limit_choices_to on Python 3.5.
2020-07-02 10:59:15 +02:00
202ac0b2a1
[2.2.x] Post-release version bump.
2020-07-01 06:42:42 +02:00
74934f7e43
[2.2.x] Bumped version for 2.2.14 release.
2020-07-01 06:37:55 +02:00
ee9bd41a72
[2.2.x] Added release date for 2.2.14.
...
Backport of 0f3aecf581
2020-07-01 06:19:44 +02:00
fc2a3682f6
[2.2.x] Refs #31751 -- Doc'd that cx_Oracle < 8 is required.
2020-06-30 09:47:50 +02:00
9ecce34afe
[2.2.x] Refs #31682 -- Doc'd minimal sqlparse version in Django 2.2.
...
Support for sqlparse < 0.2.2 was broken in
40b0a58f5f4339f2aff2
2020-06-10 06:55:55 +02:00
cdad78e6ee
[2.2.x] Refs #30183 -- Doc'd dropping support for sqlparse < 0.2.2.
...
Support for sqlparse < 0.2.2 was broken in
782d85b6df4b6db766ba
2020-06-10 06:18:44 +02:00
b2b2723512
[2.2.x] Fixed #31654 -- Fixed cache key validation messages.
...
Backport of 926148ef01
2020-06-05 07:24:04 +02:00
b87719034a
[2.2.x] Fixed ForeignKeyRawIdWidgetTest.test_render_unsafe_limit_choices_to on Python 3.5.
2020-06-04 07:37:40 +02:00
ea9bc392c4
[2.2.x] Refs CVE-2020-13254 -- Fixed cache.tests when KEY_PREFIX is defined.
...
Follow up to 2c82414914229c9c6653
2020-06-03 13:01:31 +02:00
2661c22eb1
[2.2.x] Post-release version bump.
2020-06-03 10:50:32 +02:00
Mariusz Felisiak
Carlton Gibson
Nick Pope
Tim Graham
Max Smolens
Jon Dufresne
Gert Burger
Daniel Hillier
Florian Apolloner
David Smith
Stephen Rauch