Carlton Gibson
976e2b7420
Added release date for 3.1.1, 3.0.10, and 2.2.16.
2020-09-01 09:56:42 +02:00
Mariusz Felisiak
1853724aca
Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
2020-09-01 09:17:23 +02:00
Mariusz Felisiak
8d7271578d
Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
...
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
007gzs
2bc38bc7ca
Fixed #31901 -- Prevented content overflowing in the admin changelist with navigation sidebar.
2020-09-01 07:51:22 +02:00
Federico Jaramillo Martínez
179d9dc0c2
Fixed #31952 -- Fixed EmptyFieldListFilter crash with reverse relationships.
...
Thanks dacotagh for the report.
2020-08-31 09:28:05 +02:00
Simon Charette
f6405c0b8e
Fixed #31965 -- Adjusted multi-table fast-deletion on MySQL/MariaDB.
...
The optimization introduced in 7acef095d7
did not properly handle
deletion involving filters against aggregate annotations.
It initially was surfaced by a MariaDB test failure but misattributed
to an undocumented change in behavior that resulted in the systemic
generation of poorly performing database queries in 5b83bae031
.
Thanks Anton Plotkin for the report.
Refs #23576 .
2020-08-31 08:11:28 +02:00
Mariusz Felisiak
0be51d2226
Fixed #31956 -- Fixed crash of ordering by JSONField with a custom decoder on PostgreSQL.
...
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.
2020-08-28 19:09:46 +02:00
Kevin Michel
825ce75fae
Fixed #31928 -- Fixed detecting an async get_response in various middlewares.
...
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.
This made the middlewares not properly present as coroutine and
confused the middleware chain when used in a fully async context.
Thanks Kordian Kowalski for the report.
2020-08-28 12:33:15 +02:00
Mariusz Felisiak
e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator.
...
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.
Thanks tytusd and leonyxz for reports.
Regression in edeec1247e
and
26554cf5d1
.
2020-08-28 05:57:36 +02:00
Mariusz Felisiak
1251772cb8
Fixed #31936 -- Fixed __in lookup on key transforms for JSONField.
...
This resolves an issue on databases without a native JSONField
(MariaDB, MySQL, SQLite, Oracle), where values must be wrapped.
Thanks Sébastien Pattyn for the report.
2020-08-26 22:13:37 +02:00
Michael Galler
547a07fa7e
Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-08-26 07:13:49 +02:00
Mariusz Felisiak
bb8f66934d
Fixed #31877 -- Reverted "Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context."
...
This reverts commit 4ed534758c
.
2020-08-24 11:37:59 +02:00
Mariusz Felisiak
04e87e79a0
Refs #31877 -- Reverted "Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning."
...
This reverts commit 20799cc0a6
.
2020-08-24 11:37:59 +02:00
Mariusz Felisiak
4376c2c7f8
Fixed #31895 -- Fixed crash when decoding invalid session data.
...
Thanks Matt Hegarty for the report.
Regression in d4fff711d4
.
2020-08-19 12:06:00 +02:00
Mariusz Felisiak
21768a99f4
Refs #31863 -- Added release notes for 94ea79be13
.
2020-08-13 16:29:55 +02:00
Adam Johnson
20799cc0a6
Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning.
...
SimpleLazyObjects cause a crash when filtering.
Thanks Tim L. White for the report.
Regression in 4ed534758c
.
2020-08-13 07:26:10 +02:00
Daniel Hillier
60626162f7
Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()).
2020-08-11 11:55:10 +02:00
Carlton Gibson
0aeb802cf0
Fixed #31865 -- Adjusted admin nav sidebar template to reduce debug logging.
...
Thanks to Mariusz Felisiak for review.
2020-08-11 11:42:15 +02:00
Mariusz Felisiak
99abfe8f4d
Fixed #31864 -- Fixed encoding session data during transition to Django 3.1.
...
Thanks אורי for the report.
2020-08-07 21:42:39 +02:00
Mariusz Felisiak
e70dc506d7
Fixed #31854 -- Fixed wrapping of long model names in admin's sidebar.
2020-08-05 10:54:25 +02:00
007gzs
b0af56f639
Fixed #31853 -- Fixed wrapping of translated action labels in admin sidebar.
2020-08-05 10:24:16 +02:00
Mariusz Felisiak
6c19230297
Added stub release notes for 3.1.1.
2020-08-04 10:34:38 +02:00