29e4ccb1a2
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
2021-05-12 14:42:17 +02:00
1061f52436
Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
...
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes.
2021-05-12 10:42:01 +02:00
205c36b58f
Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.
2021-05-07 20:03:46 +02:00
028f10fac6
Fixed #32712 -- Deprecated django.utils.baseconv module.
2021-05-07 11:57:40 +02:00
29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
efebcc429f
Added CVE-2021-32052 to security archive.
2021-05-06 09:58:24 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
96f55ccf79
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b6594305
2021-05-05 08:43:57 +02:00
62b2e8b37e
Added commits for CVE-2021-31542 to security archive.
2021-05-04 11:09:21 +02:00
607ebbfba9
Added CVE-2021-31542 to security archive.
2021-05-04 11:06:07 +02:00
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00
907d3a7ff4
Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated.
2021-04-29 13:53:56 +02:00
baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
...
Follow up to 1871182031
2021-04-29 12:04:30 +02:00
4ab3ef238e
Fixed #32675 -- Doc'd that autodector changes might cause generation of no-op migrations.
...
Follow up to aa4acc164d
2021-04-29 07:46:22 +02:00
c8b6594305
Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdc
2021-04-28 12:13:55 +02:00
6e742dabc9
Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb876
2021-04-27 10:43:35 +02:00
1871182031
Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a1
2021-04-27 10:34:47 +02:00
4e5bbb6ef2
Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205
2021-04-26 07:08:16 +02:00
6d0cbe42c3
Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
...
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9#27149 ).
Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
...
Thanks Jared Lockhart for the report.
Regression in c36075ac1d
2021-04-21 09:41:37 +02:00
5c73fbb6a9
Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
...
Regression in 30e59705fc
2021-04-21 08:31:06 +02:00
54e94640ac
Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite.
2021-04-20 11:44:41 +02:00
4511d14598
Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
...
Thanks Jan Pieter Waagmeester for the report.
Regression in 2d6179c819
2021-04-14 22:52:59 +02:00
ca98729055
Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
...
Thanks Matt Westcott for the report.
Regression in 779e615e36
2021-04-14 21:11:17 +02:00
338eb65b6e
Refs #32548 -- Forwardported 3.2.1 release note.
2021-04-14 20:25:58 +02:00
08c60cce3b
Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.
2021-04-14 16:50:47 +02:00
23fa29f6a6
Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes.
...
Thanks Dlis for the report.
Regression in 26a413507a
2021-04-14 12:23:47 +02:00
a77c9a4229
Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition.
...
Regression in b7b7df5fbc
2021-04-14 10:06:18 +02:00
3b8527e32b
Fixed #32637 -- Restored exception message on technical 404 debug page.
...
Thanks Atul Varma for the report.
2021-04-13 09:15:04 +02:00
9760e262f8
Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns.
2021-04-12 21:11:40 +02:00
45a58c31e6
Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD.
2021-04-08 13:17:08 +02:00
30e123ed35
Fixed #32575 -- Added support for SpatiaLite 5.
2021-04-08 09:36:29 +02:00
3ae4344bbd
Dropped support for GEOS 3.5 and GDAL 2.0.
2021-04-07 20:39:30 +02:00
98abc0c90e
Fixed #32501 -- Added support for returning fields from INSERT statements on SQLite 3.35+.
2021-04-07 20:09:56 +02:00
3f2920ae1d
Corrected release number format in 3.2.1 release notes.
2021-04-07 19:44:29 +02:00
e3cfba0029
Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.
2021-04-07 15:54:24 +02:00
5b05a45c62
Corrected wrapping in 3.2 release notes.
...
Partially reverts 0802b404a2
2021-04-07 07:27:31 +02:00
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
0802b404a2
Added release date for Django 3.2.
...
Adjusted wrapping in release notes where needed.
2021-04-06 11:20:59 +02:00
5aea50e57f
Updated asgiref dependency for 3.2 release series.
2021-04-06 10:38:43 +02:00
1eac8468cb
Added CVE-2021-28658 to security archive.
2021-04-06 09:42:31 +02:00
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
e32722d160
Fixed #32383 -- Added source map support to ManifestStaticFilesStorage.
2021-04-02 12:21:21 +02:00
d915dd1c58
Fixed #32204 -- Added quick filter to admin's navigation sidebar.
2021-03-31 09:31:37 +02:00
7248afe12f
Refs #32105 -- Moved ExceptionReporter template paths to properties.
...
Refs #32316 .
2021-03-31 08:41:57 +02:00
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
038940cf55
Fixed #29127 -- Prevented DiscoverRunner from hiding tagged test with syntax errors.
...
This mades _FailedTest objects always match tags in DiscoverRunner.
2021-03-30 10:26:20 +02:00
2f13c476ab
Fixed #31487 -- Added precision argument to Round().
2021-03-29 09:43:08 +02:00
3a185cee2a
Fixed #32573 -- Fixed bounds in __iso_year lookup optimization.
2021-03-23 21:27:55 +01:00
41e6b2a3c5
Fixed #32556 -- Fixed handling empty string as non-boolean attributes value by assertHTMLEqual().
2021-03-19 20:41:57 +01:00
474cc420bf
Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.
2021-03-19 08:04:37 +01:00
2411b8b5eb
Fixed #16010 -- Added Origin header checking to CSRF middleware.
...
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
dba44a7a7a
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
2021-03-18 20:00:22 +01:00
f6713cda89
Fixed #31370 -- Added support for parallel tests with --buffer.
2021-03-18 15:30:47 +01:00
45814af619
Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error.
2021-03-17 20:56:09 +01:00
d828beb68f
Fixed #32529 -- Delayed creating a test suite in build_suite().
2021-03-11 10:02:06 +01:00
ba9a2b7544
Refs #32508 -- Raised TypeError instead of using "assert" on unsupported operations for sliced querysets.
2021-03-10 09:16:28 +01:00
d01709aae2
Fixed #24141 -- Added QuerySet.contains().
2021-03-06 20:40:29 +01:00
f55f3ce831
Fixed #32493 -- Removed redundant never_cache uses from admin views.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2021-03-03 09:13:07 +01:00
8380fe08a0
Fixed #32456 -- Added dbshell support for specifying a password file on PostgreSQL.
2021-03-01 09:33:49 +01:00
0c7e880e13
Fixed typos in assertQuerysetEqual() docs and 1.6 release notes.
2021-02-26 09:10:52 +01:00
e0f82d7992
Added stub release notes for 3.1.8.
2021-02-25 20:27:10 +01:00
7cc6899d41
Updated links to DEPs.
2021-02-25 17:22:07 +01:00
3089018e95
Fixed #32446 -- Deprecated SERIALIZE test database setting.
...
Whether or not the state of a test database should be serialized can be
inferred from the set of databases allowed to be access from discovered
TestCase/TransactionTestCase enabling the serialized_rollback feature
which makes this setting unnecessary.
This should make a significant test suite bootstraping time difference
on large projects that didn't explicitly disable test database
serialization.
2021-02-24 20:31:11 +01:00
3aa545281e
Fixed #30916 -- Added support for functional unique constraints.
...
Thanks Ian Foote and Mariusz Felisiak for reviews.
2021-02-23 20:19:53 +01:00
ab58f07250
Added CVE-2021-23336 to security archive.
2021-02-19 11:02:32 +01:00
0ad9fa02e0
Refs CVE-2021-23336 -- Updated tests and release notes for affected versions.
2021-02-19 09:03:06 +01:00
d02d60eb0f
Added documentation extlink for bugs.python.org.
2021-02-17 14:24:42 +01:00
3119a6deca
Fixed #26607 -- Allowed customizing formset kwargs with ModelAdmin.get_formset_kwargs().
...
Thanks Nick Pope for reviews.
2021-02-15 11:37:35 +01:00
3fa1ed53be
Refs #32394 -- Rephrased release note for STATIC_URL change.
2021-02-13 20:07:55 +01:00
dcb094abe8
Fixed #32421 -- Made admindocs ModelDetailView show model cached properties.
2021-02-11 06:50:50 +01:00
17a5e2cff6
Fixed #32431 -- Reversed order of security issues history.
2021-02-10 16:02:35 +01:00
ec0ff40631
Fixed #32355 -- Dropped support for Python 3.6 and 3.7
2021-02-10 10:20:54 +01:00
b99d6c9cbc
Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.
2021-02-08 21:08:05 +01:00
9d05add447
Fixed #32394 -- Changed project template settings to use relative STATIC_URL.
...
Refs #25598 which added original support for relative STATIC_URL and
MEDIA_URL.
2021-02-06 13:34:00 +01:00
f23b05696e
Fixed #32395 -- Allowed capturing stdout of migration signals.
2021-02-04 11:19:49 +01:00
ce60d28929
Fixed #31527 -- Allowed admindocs index to handle non-string URLconfs.
2021-02-04 10:11:58 +01:00
e17bdb953a
Fix typos
2021-02-04 09:48:40 +01:00
f39634ff22
Refs #32390 -- Bumped required cx_Oracle to 7.0.
2021-02-03 10:03:33 +01:00
84283ab9cd
Fixed #32390 -- Dropped support for Oracle 12.2 and 18c.
2021-02-03 10:03:33 +01:00
f131841c60
Fixed #32403 -- Fixed re-raising DatabaseErrors when using only 'postgres' database.
...
Thanks Kazantcev Andrey for the report.
Regression in f48f671223
2021-02-02 21:34:36 +01:00
8d3c3a5717
Added stub release notes for 3.1.7.
2021-02-01 10:51:16 +01:00
f749148d62
Added CVE-2021-3281 to security archive.
2021-02-01 10:24:22 +01:00
05413afa8c
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
269a767146
Fixed #32391 -- Used CSS flex properties for changelist filter.
...
Matched layout adjustment using flex from admin sidebar added in
d24ba1be7a
2021-01-28 15:51:05 +01:00
f4272d000a
Fixed #32348 , Refs #29087 -- Corrected tutorial for updated deleting inlines UI.
...
Updated tutorial to match change in 24e540fbd7
2021-01-27 08:44:36 +01:00
1adc09064f
Fixed #32347 -- Made ModelChoiceField include the value in ValidationError for invalid_choice.
2021-01-26 09:31:53 +01:00
dcb3ad3319
Fixed #32292 -- Added support for connection by service name to PostgreSQL.
2021-01-20 17:30:37 +01:00
ab7478d1d4
Fixed #32324 -- Added template block to override the admin site header.
2021-01-19 12:27:07 +01:00
5371342ed6
Fixed #32357 -- Dropped support for PostgreSQL 9.6 and PostGIS 2.3.
2021-01-19 12:25:20 +01:00
10d1261984
Refs #32365 -- Allowed use of non-pytz timezone implementations.
2021-01-19 11:59:37 +01:00
34aa4f1997
Fixed #32296 -- Added --skip-checks option to runserver command.
2021-01-18 12:51:35 +01:00
a948d9df39
Increased the default PBKDF2 iterations for Django 4.0.
2021-01-14 17:50:04 +01:00
0aa6a602b2
Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
e7208f13c0
Refs #25236 -- Removed {% ifequal %} and {% ifnotequal %} template tags per deprecation timeline.
2021-01-14 17:50:04 +01:00
2dd6a83d2d
Refs #12990 -- Removed django.contrib.postgres.forms.JSONField per deprecation timeline.
2021-01-14 17:50:04 +01:00
Nick Pope
Mariusz Felisiak
Jordi Castells
Hasan Ramezani
Simon Charette
Carlton Gibson
Florian Apolloner
Tim Graham
David Wobrock
Konstantin Alekseev
Zain Patel
Tobias Bengfort
Arthur Jovart
Iuri de Silvio
Adam Johnson
Claude Paroz
girishsontakke
Carlton Gibson
Maxim Milovanov
William Schwartz
bankc
Chris Jerdonek
Nick Pope
Florian Demmer
Baptiste Mispelon
Daniyal
Johan Schiff
tim-mccurrach
Jacob Walls
Markus Holtermann
Hannes Ljungberg
manav014
Ramon Saraiva
ThinkChaos
Jim Xie
Dan Swain
Denis Skulimovskiy
Jerin Peter George
muskanvaswan
Paul Ganssle