p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
31,243 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

4369 Commits

Author SHA1 Message Date
David Wobrock 41019e48bb Refs #27236 -- Added generic mechanism to handle the deprecation of migration operations. 2022-07-08 07:05:55 +02:00
Simon Charette 877c800f25 Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-07-06 07:40:07 +02:00
Mariusz Felisiak d12d7c4c42 Added CVE-2022-34265 to security archive. 2022-07-04 10:27:14 +02:00
Mariusz Felisiak c6932ea2ea Added stub release notes for 4.0.7. 2022-07-04 10:06:07 +02:00
Mariusz Felisiak 54eb8a374d Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. 
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
 2022-07-04 08:13:41 +02:00
Michael Manfre 03eec9ff6c Updated vendored _urlsplit() to strip newline and tabs. 
Refs Python CVE-2022-0391. Django is not affected, but others who
incorrectly use internal function url_has_allowed_host_and_scheme()
with unsanitized input could be at risk.
 2022-07-01 08:48:38 +02:00
Mariusz Felisiak 154dd1c0ed
Refs #33697 -- Added backward incompatibility note about removing multipartparser.parse_header(). 2022-06-28 21:45:03 +02:00
Hrushikesh Vaidya 72e41a0df6 Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28 10:54:38 +02:00
Mariusz Felisiak b2eff16806 Added stub release notes and release date for 4.0.6 and 3.2.14. 2022-06-27 07:13:26 +02:00
Mariusz Felisiak a0608c4b11
Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0. 
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5.
 2022-06-21 09:09:41 +02:00
Anv3sh d7f5bfd241 Fixed #32969 -- Fixed pickling HttpResponse and subclasses. 2022-06-20 08:51:26 +02:00
Matt Brewer 8d160f154f Fixed #33788 -- Added TrigramStrictWordSimilarity() and TrigramStrictWordDistance() on PostgreSQL. 2022-06-17 11:14:30 +02:00
David Wobrock e286ce17ff Fixed #24870 -- Added --update option to makemigrations command. 2022-06-17 07:50:39 +02:00
Carlton Gibson 2a2bde52f3 Updated asgiref dependency for 4.1 release series. 2022-06-16 12:13:15 +02:00
Ronnie van den Crommenacker c32858a8ce Fixed #33565 -- Improved locale format validation for the makemessages command. 2022-06-08 16:17:12 +02:00
Ciaran McCormick 286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Samir Shah 6f73eb9d90 Fixed #33742 -- Added id to GeoJSON serializer. 2022-06-01 19:11:26 +02:00
Carlton Gibson d5bc362030 Added stub release notes for 4.0.6. 2022-06-01 14:36:22 +02:00
Carlton Gibson 40bf34a92f Updated release date for Django 4.0.5. 2022-06-01 12:25:33 +02:00
Mariusz Felisiak ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+. 
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
 2022-05-31 11:17:01 +02:00
Mariusz Felisiak 90aabd730a
Fixed #33724 -- Doc'd exclude argument changes in model validation. 
Thanks אורי for the report.

Follow up to 1ea7e3157d.
 2022-05-24 10:02:53 +02:00
Sankalp 90dcf27114 Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable. 
Regression in d915dd1c58.

Follow up to 780473d756.
 2022-05-21 13:37:53 +02:00
Mariusz Felisiak 981c23c0cc
Fixed #33717 -- Dropped support for PostgreSQL 11. 2022-05-19 09:26:48 +02:00
David Wobrock 9f55489529 Fixed #33705 -- Fixed crash when using IsNull() lookup in filters. 
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.
 2022-05-19 07:02:22 +02:00
Mariusz Felisiak 19297de2fe
Fixed #33713 -- Dropped support for MariaDB 10.3. 2022-05-18 08:38:08 +02:00
Carlton Gibson 3c6f1fd1f8 Increased the default PBKDF2 iterations for Django 4.2. 2022-05-17 14:22:06 +02:00
Carlton Gibson d10e569ea5 Added stub release notes for 4.2. 2022-05-17 14:22:06 +02:00
Carlton Gibson d6e3756946 Removed empty sections from 4.1 release notes. 2022-05-17 11:21:08 +02:00
David Smith d126eba363 Refs #32339 -- Deprecated default.html form template. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2022-05-17 11:16:54 +02:00
Alokik Vijay 6af8673255 Update docs/releases/4.1.txt 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-05-17 10:50:09 +02:00
Alokik Vijay 7f3cfaa12b Fixed #32565 -- Moved internal URLResolver view-strings mapping to admindocs. 
Moved the functionality of URLResolver._is_callback(),
URLResolver._callback_strs, URLPattern.lookup_str() to
django.contrib.admindocs.
 2022-05-17 10:50:09 +02:00
David Wobrock 97f124f39e Refs #27064 -- Made migrations generate RenameIndex operations when moving indexes from index_together to Meta.indexes. 2022-05-17 07:21:36 +02:00
David Wobrock c6cec3c2d2 Refs #27064 -- Made migrations generate RenameIndex operations when renaming Meta.indexes. 2022-05-16 17:46:24 +02:00
Marcelo Galigniana 76af861356 Fixed #27550 -- Allowed GEOSGeometry.normalize() to return a normalized clone. 2022-05-16 06:46:53 +02:00
Mariusz Felisiak d27e6b233f
Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool. 
Thanks Ben Picolo for the report.
 2022-05-16 06:17:40 +02:00
David Wobrock eacd4977f6 Refs #27064 -- Added RenameIndex migration operation. 2022-05-12 20:44:03 +02:00
Kapil Bansal 3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields. 
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
 2022-05-12 14:16:52 +02:00
Mariusz Felisiak 68da6b389c
Fixed #33543 -- Deprecated passing nulls_first/nulls_last=False to OrderBy and Expression.asc()/desc(). 
Thanks Allen Jonathan David for the initial patch.
 2022-05-12 11:30:03 +02:00
Mariusz Felisiak 02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
Marc Seguí Coll 262fde94de Fixed #33622 -- Allowed customizing error messages for invalid number of forms. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-05-10 13:42:31 +02:00
Gagaro 667105877e Fixed #30581 -- Added support for Meta.constraints validation. 
Thanks Simon Charette, Keryn Knight, and Mariusz Felisiak for reviews.
 2022-05-10 11:22:23 +02:00
David Smith ec5659382a Fixed #32339 -- Added div.html form template. 2022-05-05 14:32:43 +02:00
Mariusz Felisiak 37470bbd90
Fixed #33675 -- Dropped support for PostgreSQL 10 and PostGIS 2.4. 2022-05-04 06:28:51 +02:00
Carlton Gibson c5fd5e3cc3 Updated release date for Django 4.0.5. 2022-05-03 09:18:42 +02:00
David ce586ed693 Removed hyphen from pre-/re- prefixes. 
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
 2022-04-28 10:44:14 +02:00
David 33e89de8ca Changed "stdlib" to "Standard Library" in docs/releases/1.9.txt. 2022-04-28 10:44:14 +02:00
David 51874dd160 Added backticks to code literals in various docs. 2022-04-28 10:44:14 +02:00
David 15b888bb83 Changed "refactorings" to "refactoring" in docs/releases/1.0.txt. 2022-04-28 10:44:09 +02:00
David 1c2bf80acb Changed "ie." to "i.e." in docs. 2022-04-28 10:37:06 +02:00
Carlton Gibson 476d4d5087 Refs #32339 -- Allowed renderer to specify default form and formset templates. 
Co-authored-by: David Smith <smithdc@gmail.com>
 2022-04-27 10:21:04 +02:00
Andrew Godwin 58b27e0dbb Fixed #33646 -- Added async-compatible interface to QuerySet. 
Thanks Simon Charette for reviews.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-04-26 20:25:23 +02:00
Mariusz Felisiak eeb0bb6379
Refs #27674 --- Deprecated django.contrib.gis.admin.OpenLayersWidget. 2022-04-22 11:36:27 +02:00
Aymeric Augustin 12576bd371 Refactored out RedirectURLMixin.get_redirect_url(). 
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.

This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
 2022-04-20 10:04:29 +02:00
Carlton Gibson bf7c51a5f4 Fixed #33639 -- Enabled cached template loader in development. 2022-04-19 12:13:27 +02:00
Carlton Gibson deedf5bbc3 Refs #31169 -- Added release note for parallel test running changes. 2022-04-14 12:38:31 +02:00
Florian Apolloner 2eea361eff Fixed #30511 -- Used identity columns instead of serials on PostgreSQL. 2022-04-13 21:51:51 +02:00
Mariusz Felisiak b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak 78eeff8d33 Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11 10:32:22 +02:00
Mariusz Felisiak 6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
 2022-04-11 08:59:33 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 
Regression in 68357b2ca9.
 2022-04-11 07:37:30 +02:00
Carlton Gibson 9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00
sarahboyce 65effbdb10 Fixed #33471 -- Made AlterField operation a noop when changing "choices". 
This also allows customizing attributes of fields that don't affect
a column definition.
 2022-04-06 13:05:57 +02:00
Baptiste Mispelon 50e1e7ef8e Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset. 
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
 2022-04-06 07:58:52 +02:00
Mariusz Felisiak 78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
David c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00
Mariusz Felisiak fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods." 
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cf.

Regression in 0c71e0f9cf.
 2022-03-30 07:31:56 +02:00
Carlton Gibson 59ab3fd0e9 Refs #32365 -- Deprecated django.utils.timezone.utc. 2022-03-29 14:47:44 +02:00
Alokik Vijay baf9604ed8 Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs. 
Thanks Florian Apolloner for the review and implementation idea.
 2022-03-29 10:27:40 +02:00
Mariusz Felisiak 83c803f161
Updated Oracle docs links to Oracle 21c. 2022-03-29 09:41:57 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests. 
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-03-29 06:42:14 +02:00
adontz 2bee0b4328 Fixed #7497 -- Allowed overriding the order of apps and models in admin. 2022-03-25 10:33:44 +01:00
Mariusz Felisiak 94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin. 2022-03-24 17:41:53 +01:00
Thomas Schmidt 1cf60ce601 Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value. 2022-03-23 19:33:36 +01:00
Mariusz Felisiak 39ae8d740e
Added missing backticks to function names. 2022-03-17 11:10:03 +01:00
Mariusz Felisiak be80aa55ec
Removed outdated handling of length parameter to If-Modified-Since header. 
The length parameter is not described in RFC-7232 and it's against
HTTP/1.0 and HTTP/1.1 specifications. It was an old and unofficial
extension set by some ancient versions of IE.
 2022-03-15 13:07:44 +01:00
Mariusz Felisiak 6ffe48b8e4
Moved log_response() release notes into backwards incompatible changes section. 
Follow up to 90cf963264.
 2022-03-11 22:16:46 +01:00
Adrian Torres d90e34c61b Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. 2022-03-10 12:57:19 +01:00
David Smith 67b5f506a6
Changed some words to use inline markup. 2022-03-10 10:18:31 +01:00
Luke Plant ae2da5ba65 Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the max_age argument. 2022-03-07 07:57:14 +01:00
Ryan Heard c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Carlton Gibson 9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Carlton Gibson 47143e27d4 Updated release date for version 4.0.3. 2022-03-01 09:32:18 +01:00
Mariusz Felisiak 445b075def
Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin. 
Regression in de95c82667.

Thanks David Glenck for the report.
 2022-03-01 08:09:58 +01:00
Albert Defler 2b6a3baebe Fixed #31486 -- Deprecated passing unsaved objects to related filters. 
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
 2022-02-25 07:51:37 +01:00
Shubh1815 11cc227344 Fixed #33267 -- Added link to related item to related widget wrapper in admin. 2022-02-25 06:33:05 +01:00
Claude Paroz eabc22f919
Fixed #33328 -- Transformed formset:added/removed to native JS events. 2022-02-23 10:33:07 +01:00
David Wobrock 7c318a8bdd Fixed #27844 -- Added optimizemigration management command. 2022-02-22 10:30:40 +01:00
Albert Defler 7ba6ebe914 Fixed #19580 -- Unified behavior of reverse foreign key and many-to-many relations for unsaved instances. 2022-02-22 09:16:40 +01:00
Theo Alexiou 659d2421c7 Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects. 2022-02-21 10:11:26 +01:00
Hasan Ramezani 9ac3ef59f9 Fixed #33379 -- Added minimum database version checks. 
Thanks Tim Graham for the review.
 2022-02-18 13:37:49 +01:00
Mariusz Felisiak 1e2e1be02b
Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting. 
Thanks Chris Lee for the report.

Regression in 4328970780.

Refs #23916.
 2022-02-16 21:09:24 +01:00
Carlton Gibson d113b5a837 Refs #33476 -- Made management commands use black. 
Run black on generated files, if it is available on PATH.
 2022-02-11 12:23:26 +01:00
Theo Alexiou f9ec777a82 Fixed #26287 -- Added support for addition operations to SimpleLazyObject. 2022-02-10 11:24:51 +01:00
Claude Paroz 4c76ffc2d6 Fixed #29490 -- Added support for object-based Media CSS and JS paths. 2022-02-10 08:48:27 +01:00
Carlton Gibson ba94488196 Refs #33476 -- Adjusted docs and config files for Black. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-02-07 20:36:04 +01:00
David Smith 770d3e6a4c
Fixed typo in release notes. 2022-02-02 07:17:57 +01:00
tschilling 0dcd549bbe Fixed #30360 -- Added support for secret key rotation. 
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
 2022-02-01 11:12:24 +01:00
Mariusz Felisiak ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak 9e0df0d6dd Added CVE-2022-22818 and CVE-2022-23833 to security archive. 2022-02-01 08:17:25 +01:00
Mariusz Felisiak fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.
 2022-02-01 07:41:40 +01:00
Markus Holtermann 394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-02-01 07:40:51 +01:00
Kirill Safronov 97a7274468 Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model. 
Regression in aa4acc164d.
 2022-02-01 07:01:41 +01:00
Mariusz Felisiak 71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default. 
Thanks Adam Johnson for the report.
 2022-01-31 11:33:24 +01:00
Claude Paroz beb7ddbcee Updated translations from Transifex. 
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.

Forwardport of 7a1c6533eb from stable/4.0.x.
 2022-01-29 19:01:15 +01:00
vgolubev e87f57fdb8 Fixed #26142 -- Allowed model formsets to prevent new object creation. 
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.

Co-authored-by: parth <parthvin@gmail.com>
 2022-01-27 20:45:21 +01:00
Mariusz Felisiak e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key. 
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce.
 2022-01-27 18:51:39 +01:00
Carlton Gibson 85f2a9fb0f Fixed #33407 -- Fixed .radiolist admin CSS. 
Regression in 5942ab5eb1.
 2022-01-26 09:26:48 +01:00
Mariusz Felisiak 34aba9c06e
Fixed typo in docs/releases/4.1.txt. 2022-01-25 10:57:05 +01:00
Mariusz Felisiak eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Jacob Walls edbf930287 Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects. 
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
 2022-01-25 06:12:04 +01:00
Claude Paroz 7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
Jacob Walls 2d8232fa71 Fixed #26760 -- Added --prune option to migrate command. 2022-01-21 17:10:31 +01:00
Fabian Büchler eeff1787b0 Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field. 
Regression in aa4acc164d.
 2022-01-21 06:44:53 +01:00
Mariusz Felisiak f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1. 2022-01-20 18:54:29 +01:00
sean_c_hsu 0f6946495a Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create(). 
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
 2022-01-19 20:17:42 +01:00
Adam Johnson dc8bb35e39 Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage. 2022-01-18 12:53:14 +01:00
Adam Johnson 45a42aabfa Fixed #29708 -- Deprecated PickleSerializer. 2022-01-13 13:50:20 +01:00
Adam Johnson 90cf963264 Changed django.utils.log.log_response() to take exception instance. 
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
 2022-01-12 20:23:42 +01:00
Jacob Walls dc9deea8e8 Fixed #11715 -- Changed default value of ModelAdmin.actions/inlines to empty tuples. 
This clarifies the intended pattern of overwriting the default value
rather than mutating it.
 2022-01-11 12:22:49 +01:00
mgaligniana fa235004dd Fixed #13251 -- Made pre/post_delete signals dispatch the origin. 2022-01-11 08:06:18 +01:00
Jacob Walls 6f78cb6b13 Fixed #29026 -- Added --scriptable option to makemigrations. 2022-01-10 18:49:57 +01:00
Keryn Knight f4b06a3cc1 Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views. 
Regression in 7c08f26bf0.
 2022-01-10 17:30:41 +01:00
Keryn Knight 2a66c102d9 Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page. 
Regression in 0c0b87725b.
 2022-01-08 13:05:55 +01:00
David 4c60c3edff Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe. 
Regression in 456466d932.

Thanks Matt Westcott for the report.
 2022-01-07 15:35:31 +01:00
Baptiste Mispelon c67e1cf44f Refs #33348 -- Deprecated passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors(). 2022-01-06 17:29:32 +01:00
Petter Friberg bc174e6ea0 Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks(). 
Regression in d89f976bdd.
 2022-01-06 06:38:17 +01:00
Carlton Gibson 63869ab1f1 Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 2022-01-04 11:30:11 +01:00
Carlton Gibson f38c66b555 Added stub release notes for Django 4.0.2. 2022-01-04 11:10:53 +01:00
Carlton Gibson 155e06a50b Corrected merge error in release notes. 2022-01-04 10:50:23 +01:00
Florian Apolloner 6d343d01c5 Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:04:12 +01:00
Florian Apolloner 761f449e0d Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:03:56 +01:00
Florian Apolloner 968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:02:05 +01:00
Carlton Gibson b13d920b7b Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 2021-12-28 08:47:33 +01:00
Hannes Ljungberg 59a66f0512 Refs #33342 -- Deprecated ExclusionConstraint.opclasses. 2021-12-27 08:55:18 +01:00
Hannes Ljungberg 0e656c02fe Fixed #33342 -- Added support for using OpClass() in exclusion constraints. 2021-12-24 11:39:00 +01:00
Mariusz Felisiak ca04659b4b
Refs #32355 -- Bumped required psycopg2 version to 2.8.4. 
psycopg2 2.8.4 is the first release to support Python 3.8.
 2021-12-22 20:32:55 +01:00
Brenton Partridge 19fb838803 Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64. 2021-12-21 13:00:09 +01:00
Simon Charette 4328970780 Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector. 
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.

This likely slipped under the radar for so long and only regressed in
b9df2b74b9 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact value settings value was never going through a
case folding hoop.

Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.
 2021-12-17 07:46:58 +01:00
Mariusz Felisiak 40165eecc4
Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest. 
Regression in 3fd82a6241.

Thanks Terence Honles for the report.
 2021-12-16 20:13:17 +01:00
mgaligniana 068b2c072b Fixed #30127 -- Deprecated name argument of cached_property(). 2021-12-16 18:52:27 +01:00
mgaligniana ac5cc6cf01 Fixed #33316 -- Added pagination to admin history view. 2021-12-15 10:54:08 +01:00
Jacob Walls 76ccce64cc Fixed #16063 -- Adjusted admin changelist searches spanning multi-valued relationships. 
This reduces the likelihood of admin searches issuing queries with
excessive joins.
 2021-12-15 08:14:19 +01:00
Jeremy Lainé 2f33217ea2 Fixed #33361 -- Fixed Redis cache backend crash on booleans. 2021-12-14 07:16:30 +01:00
David Smith eba9a9b7f7 Refs #32338 -- Added Boundfield.legend_tag(). 2021-12-09 07:16:33 +01:00
Baptiste Mispelon cb383753c0 Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form". 
Thanks OutOfFocus4 for the report.

Regression in 456466d932.
 2021-12-08 20:33:03 +01:00
Shreya Bamne 8a4e506760 Fixed #19721 -- Allowed admin filters to customize the list separator. 2021-12-08 15:25:52 +01:00
Nick Pope dfdf1c6864 Improved release notes wording for template-based form rendering. 2021-12-07 12:44:33 +01:00
Mariusz Felisiak adef3d975e Added stub release notes for 4.0.1. 2021-12-07 10:41:32 +01:00
Mariusz Felisiak d7bd9eb6cd Finalized release notes for Django 4.0. 2021-12-07 10:02:41 +01:00