ae4077e13e
Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
2021-11-30 11:25:00 +01:00
d811fa1d10
Added stub release notes for Django 3.2.10.
2021-11-01 10:41:06 +01:00
c113f7fb0d
Added stub release notes for Django 3.2.9.
2021-10-05 09:39:20 +02:00
810bca5a1a
Added stub release notes for 4.1.
2021-09-20 21:23:01 +02:00
af10e97531
Added stub release notes for Django 3.2.8.
2021-09-01 09:48:32 +02:00
947bdec60c
Added stub release notes for Django 3.2.7.
2021-08-02 08:41:29 +02:00
bcea1a3193
Added stub release notes for Django 3.2.6.
2021-07-01 09:43:15 +02:00
8e97698d7b
Added stub release notes for 3.1.13 and release date for 3.2.5.
2021-07-01 06:52:41 +02:00
ba10772bf6
Added stub release notes for Django 3.2.5.
2021-06-02 11:25:32 +02:00
b46dbd4e3e
Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-05-26 10:16:05 +02:00
820408d842
Added stub release notes for Django 3.2.4.
2021-05-13 09:42:26 +02:00
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
2021-05-13 08:53:44 +02:00
29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
e0f82d7992
Added stub release notes for 3.1.8.
2021-02-25 20:27:10 +01:00
0ad9fa02e0
Refs CVE-2021-23336 -- Updated tests and release notes for affected versions.
2021-02-19 09:03:06 +01:00
8d3c3a5717
Added stub release notes for 3.1.7.
2021-02-01 10:51:16 +01:00
05413afa8c
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
8774b1144c
Added stub release notes for 4.0.
2021-01-14 17:50:04 +01:00
966ed414b2
Added stub release notes for 3.1.6.
2021-01-04 08:58:03 +01:00
adb40d217e
Added stub release notes for 3.1.5.
2020-12-01 07:12:49 +01:00
c8785b473f
Added stub release notes for 3.1.4.
2020-11-02 09:20:53 +01:00
e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility.
2020-10-13 08:35:01 +02:00
85fa24e3eb
Added stub release notes for 3.1.3.
2020-10-01 07:52:45 +02:00
7a60670b78
Added stub release notes for 3.1.2.
2020-09-01 10:45:12 +02:00
8a5683b6b2
Added stub release notes for 2.2.16 and 3.0.10.
2020-08-11 10:31:44 +02:00
6c19230297
Added stub release notes for 3.1.1.
2020-08-04 10:34:38 +02:00
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
c2a835703f
Added stub release notes for 3.0.9.
2020-07-01 07:00:43 +02:00
926148ef01
Fixed #31654 -- Fixed cache key validation messages.
2020-06-05 07:21:52 +02:00
7ec2658e1e
Added stub release notes for 3.0.8.
2020-06-03 10:54:29 +02:00
50798d4389
Added stub release notes for 2.2.13.
2020-05-14 06:22:54 +02:00
3b94f12462
Added stub release notes for 3.2.
2020-05-13 09:07:51 +02:00
8e8ff38cb8
Added stub release notes for 3.0.7.
2020-05-04 07:38:35 +02:00
a7e4ff370c
Added stub release notes for 3.0.6.
2020-04-01 10:09:43 +02:00
a4200e958d
Added stub release notes for 2.2.12.
2020-03-10 12:01:01 +01:00
1b3a900a69
Added stub release notes for 3.0.5.
2020-03-04 10:56:07 +01:00
6695d29b1c
Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
...
Thanks to Norbert Szetei for the report.
2020-03-04 09:04:50 +01:00
7e8339748c
Added stub release notes for 2.2.11.
2020-02-10 08:18:58 +01:00
273918c25b
Added stub release notes for 3.0.4.
2020-02-03 10:23:54 +01:00
eb31d84532
Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-02-03 08:49:13 +01:00
69331bb851
Added stub release notes for 3.0.3.
2020-01-02 08:36:08 +01:00
50a69efb2e
Added stub release notes for 3.0.2.
2019-12-18 10:51:57 +01:00
ec12c37384
Refs #31073 -- Added release notes for 02eff7ef60.
2019-12-11 10:07:41 +01:00
908c67e719
Added stub release notes for 3.0.1.
2019-12-02 21:43:59 +01:00
e9def97d10
Added stub release notes for 2.1.15.
2019-11-19 12:33:39 +01:00
Mariusz Felisiak
Carlton Gibson
Florian Apolloner
Nick Pope
Simon Charette