Carlton Gibson
|
9600f63885
|
Added CVE-2019-14233 to security release archive.
|
2019-08-01 11:57:24 +02:00 |
Carlton Gibson
|
87750787d1
|
Added CVE-2019-14232 to the security release archive.
|
2019-08-01 11:54:24 +02:00 |
Florian Apolloner
|
76ed1c49f8
|
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
Mariusz Felisiak
|
7deeabc7c7
|
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
|
2019-08-01 09:24:54 +02:00 |
Florian Apolloner
|
4b78420d25
|
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
Florian Apolloner
|
7f65974f82
|
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
Carlton Gibson
|
eea0bf7bd5
|
Refs #30669 -- Removed incorrect branch in ASGIHandler.read_body().
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
|
2019-07-31 13:33:01 +02:00 |
Étienne Beaulé
|
5f24e7158e
|
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
|
2019-07-31 11:22:50 +02:00 |
Étienne Beaulé
|
cb3c2da128
|
Moved test for distinct Count() to a separate test case.
|
2019-07-31 10:41:17 +02:00 |
Nick Pope
|
f618e033ac
|
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
|
2019-07-31 10:02:13 +02:00 |
Nick Pope
|
c95d063e77
|
Refs #30160 -- Simplified and improved tests for django.utils.archive.
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
|
2019-07-31 09:46:24 +02:00 |
Nick Pope
|
1692f69e37
|
Refs #30160 -- Doc'd startapp/startproject support for tarfile templates.
|
2019-07-31 09:46:24 +02:00 |
Nick Pope
|
69a30f620e
|
Refs #30160 -- Simplified archive extension map and added other aliases.
|
2019-07-31 09:46:17 +02:00 |
Hasan Ramezani
|
e3fc9af4ab
|
Refs #30593 -- Fixed introspection of check constraints columns on MariaDB.
|
2019-07-30 16:32:13 +02:00 |
Hasan Ramezani
|
b2aad9ad4d
|
Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB.
|
2019-07-30 16:32:13 +02:00 |
Nick Pope
|
421c4cd2ee
|
Removed redundant ArchiveTest.test_extract_method() test.
The extract() function has the same code as used in the test method
for Archive.extract().
|
2019-07-30 11:33:53 +02:00 |
Nick Pope
|
0509148c24
|
Refs #30160 -- Made destination path a required argument of extract().
|
2019-07-30 11:27:56 +02:00 |
Jerrod Martin
|
c7bef16a74
|
Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
Co-Authored-By: Daniel Hahler <git@thequod.de>
|
2019-07-29 11:09:54 +02:00 |
daniel a rios
|
68aeb90160
|
Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
|
2019-07-29 09:52:29 +02:00 |
daniel a rios
|
fe33fdc049
|
Refs #30656 -- Reorganized bulk methods in the database optimization docs.
|
2019-07-29 09:52:29 +02:00 |
Claude Paroz
|
3c6d32e0b2
|
Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
Thanks Mariusz Felisiak for contributing the Point part.
|
2019-07-27 20:12:46 +02:00 |
Jon Dufresne
|
4122d9d3f1
|
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
Regression in 519016e5f2.
|
2019-07-27 12:04:56 +02:00 |
Jon Dufresne
|
619c9a4f49
|
Added tests for using attnames to assign OneToOne and Foreign Key fields.
|
2019-07-27 12:03:45 +02:00 |
Piotr Domanski
|
4b4e68a7a6
|
Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper.
|
2019-07-26 07:31:51 +02:00 |
Mariusz Felisiak
|
806ba19bbf
|
Added Query.is_sliced property.
Previously, we used Query.can_filter() mainly to check if a query is
sliced, which was confusing.
|
2019-07-25 20:45:55 +02:00 |
Hasan Ramezani
|
1853383969
|
Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference().
|
2019-07-25 12:39:55 +02:00 |
Carlton Gibson
|
f13147c8de
|
Added stub release notes for security releases.
|
2019-07-25 10:49:30 +02:00 |
Jon Dufresne
|
5ed20b3aa3
|
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
Allows model fields to override the descriptor class used on the model
instance attribute.
|
2019-07-25 08:15:20 +02:00 |
Jon Dufresne
|
93ffa81bc5
|
Refs #30657 -- Made DeferredAttribute.__init__() take a field instance instead of a field name.
|
2019-07-25 07:24:52 +02:00 |
Tom Forbes
|
fc75694257
|
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
|
2019-07-24 14:08:37 +02:00 |
Mariusz Felisiak
|
fed5e19369
|
Removed unused BaseReloader.watch_file().
Unused since its introduction in c8720e7696.
|
2019-07-24 13:32:02 +02:00 |
Jon Dufresne
|
d89053585e
|
Improved error message when index in __getitem__() is invalid.
|
2019-07-23 20:12:08 +02:00 |
terminator14
|
8323691de0
|
Fixed typo in docs/topics/http/sessions.txt.
|
2019-07-23 15:10:58 +02:00 |
Mariusz Felisiak
|
8d52a525c8
|
Refs #29548 -- Fixed DatabaseWrapper.display_name on MariaDB.
|
2019-07-23 13:34:06 +02:00 |
Tom Forbes
|
2ff517ccb6
|
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
|
2019-07-23 10:03:23 +02:00 |
Jon Dufresne
|
60dc957a82
|
Removed unnecessary code in Model.__init__().
As is_related_object is True, the val variable is unused for the
remainder of the method.
Unnecessary since 53da1e4794.
|
2019-07-23 07:45:07 +02:00 |
Georgi Yanchev
|
c6581a40be
|
Fixed #30644 -- Made introspection use pg_table_is_visible() instead of filtering by public schema on PostgreSQL.
|
2019-07-22 08:14:53 +02:00 |
Mariusz Felisiak
|
842fd620ff
|
Simplified get_key_columns()/get_relations() introspection methods for PostgreSQL.
|
2019-07-20 15:15:41 +02:00 |
Min ho Kim
|
9f11939dd1
|
Fixed typos in comments and a test name.
|
2019-07-19 18:24:06 +02:00 |
Mariusz Felisiak
|
fc1182af01
|
Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
Thanks Carlton Gibson for the review.
|
2019-07-19 16:06:05 +02:00 |
Mariusz Felisiak
|
a2e1c17f19
|
Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
|
2019-07-19 16:06:05 +02:00 |
Hasan Ramezani
|
1fc2c70f76
|
Fixed #30593 -- Added support for check constraints on MariaDB 10.2+.
|
2019-07-19 11:05:06 +02:00 |
Davit Gachechiladze
|
7f612eda80
|
Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
|
2019-07-18 18:40:40 +02:00 |
Mariusz Felisiak
|
230d75f59c
|
Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
|
2019-07-18 12:56:25 +02:00 |
Mads Jensen
|
a3417282ac
|
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
2019-07-16 18:04:41 +02:00 |
Mads Jensen
|
7174cf0b00
|
Refs #29824 -- Added RangeOperators helper class.
|
2019-07-16 16:57:46 +02:00 |
Mariusz Felisiak
|
cf79f92abe
|
Simplified tests for PostgreSQL constraints.
|
2019-07-16 16:56:44 +02:00 |
Mariusz Felisiak
|
ad4e83a6d1
|
Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
|
2019-07-16 15:08:14 +02:00 |
Frank Wiles
|
fa65b90a96
|
Updated WSGI servers ordering according to the more commonly used.
|
2019-07-16 14:43:59 +02:00 |
Yann Sionneau
|
e47b8293a7
|
Fixed #30636 -- Fixed options ordering when cloning test database on MySQL.
--defaults-file must be given before other options.
|
2019-07-16 07:25:43 +02:00 |