Commit Graph

31428 Commits

Author SHA1 Message Date
Sarah Boyce 389318d118 [4.2.x] Bumped grunt-contrib-qunit versions in npm configurations.
Backport of e13954d2cf from main
2023-02-14 19:52:19 +01:00
Sarah Boyce 3b2685b01c [4.2.x] Bumped versions in pre-commit and npm configurations.
Backport of 7e297e52c2 from main
2023-02-14 19:41:11 +01:00
DevilsAutumn 5cde08f702 [4.2.x] Fixed #34250 -- Fixed renaming model with m2m relation to a model with the same name.
Backport of ff3a283422 from main
2023-02-14 14:33:45 +01:00
Carlton Gibson b7aab1fb3a [4.2.x] Fixed #34328 -- Added async-only class-based middleware example.
Backport of ce8189eea0 from main
2023-02-14 14:16:19 +01:00
Carlton Gibson ac8cf0ae76 [4.2.x] Added CVE-2023-24580 to security archive.
Backport of ecafcaf634 from main
2023-02-14 09:53:00 +01:00
Markus Holtermann 7ac5ff37b8 [4.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-14 08:21:18 +01:00
Sarah Boyce de42d51361 [4.2.x] Fixed #29994 -- Added warning about performance of FileBasedCache with a large number of files.
Co-authored-by: sheenarbw <699166+sheenarbw@users.noreply.github.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 1eb94bc8da from main
2023-02-13 21:09:55 +01:00
Sota Tabu 8cc5caa113 [4.2.x] Fixed #34318 -- Added release note for 4bfe8c0eec.
Backport of 3e9d413231 from main
2023-02-13 14:13:16 +01:00
sarahboyce 5510a12c90 [4.2.x] Fixed #34316 -- Fixed layout of admin password change forms and help texts.
Regression in 96a598356a.

Backport of e678046681 from main
2023-02-13 11:52:09 +01:00
Mariusz Felisiak 111273f7ee [4.2.x] Ignored b784768eef formatting changes in git blame. 2023-02-10 21:13:53 +01:00
Carlton Gibson b784768eef [4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.

Backport of 534ac48297 from main.
2023-02-10 21:12:06 +01:00
dennisvang 4a89aa25c9 [4.2.x] Fixed #34325 -- Corrected wording in PercentRank() docs.
This is consistent with the terminology used for the percent_rank()
function in SQLite docs and PostgreSQL docs.

Backport of 7bb741d787 from main
2023-02-10 19:07:24 +01:00
Dhanush a0623b117c [4.2.x] Fixed #32813 -- Made runserver display port after binding.
Thanks Florian Apolloner for the review.

Backport of a18d20ca97 from main
2023-02-10 09:55:35 +01:00
p0lygun aaacf72c4c [4.2.x] Fixed #34324 -- Mentioned Discord server in contributing index.
Backport of 358792486e from main
2023-02-10 06:21:04 +01:00
Willem Van Onsem 7a88b1f5aa [4.2.x] Fixed #34311 -- Updated serialization docs from unique_together to UniqueConstraint.
Backport of 292aacaf6c from main
2023-02-09 05:56:31 +01:00
Carlton Gibson efe16fd72a [4.2.x] Added missing vars to AdminSite.each_context() docs.
Backport of 1964e4367f from main
2023-02-08 18:00:37 +01:00
Mariusz Felisiak 836ae73a89 [4.2.x] Fixed #34319 -- Fixed Model.validate_constraints() crash on ValidationError with no code.
Thanks Mateusz Kurowski for the report.

Regression in 667105877e.
Backport of 2fd755b361 from main
2023-02-08 16:39:53 +01:00
Bakdolot 1f193f7f56 [4.2.x] Fixed #34315 -- Preserved admin changelist filters on "Close" button.
Backport of 325c44ac6c from main
2023-02-08 10:21:40 +01:00
Youngkwang Yang b17fad46fb [4.2.x] Fixed #34313 -- Updated thousands separator for Spanish (ES) locale.
Format was updated from a comma to a space in 2010.

ref: https://en.wikipedia.org/wiki/Decimal_separator#Examples_of_use
Backport of 9f20f382ca from main
2023-02-08 09:39:10 +01:00
Tim Schilling 757c456d23 [4.2.x] Fixed #34146 -- Added 3rd-party lib tutorial step.
Added a tutorial step that highlights Django Debug Toolbar, on of the
most common third party packages. It also added a mention of
djangopackages.com as a place to search for other libraries and a
link to Adam Johnson’s post on evaluating whether a package is
well-maintained.

Third-party packages are one of Django’s strengths. This should give
folks a sound route in.

Backport of 7715c9fef5 and
1df7814e4b from main
2023-02-07 20:22:11 +01:00
Nils VAN ZUIJLEN e8a39da396 [4.2.x] Fixed #34285 -- Fixed index/slice lookups on filtered aggregates with ArrayField.
Thanks Simon Charette for the review.

Backport of ae1fe72e9b from main
2023-02-07 14:06:08 +01:00
Jacob Walls 714d59d57f [4.2.x] Fixed #33638 -- Fixed GIS lookups crash with geography fields on PostGIS.
Backport of 4403432b75 from main
2023-02-07 12:24:24 +01:00
Carlton Gibson 600b88db4c [4.2.x] Added stub release notes for 4.0.10 and 3.2.18.
Set date for 4.1.7 release.

Backport of 7e003428f9 from main
2023-02-07 10:10:22 +01:00
Marcelo Galigniana 9306a8d18f [4.2.x] Fixed #34310 -- Added deletion example to one-to-one topic.
Backport of 7c6195ef81 from main
2023-02-07 08:05:17 +01:00
Frederic Mheir d70b2a88e8 [4.2.x] Fixed #34301 -- Made admin's submit_row check add permission for "Save as new" button.
Backport of 2878938626 from main
2023-02-07 07:31:51 +01:00
Dan Glass edbc9d11ff [4.2.x] Made PostgreSQL's SchemaEditor._create_index_sql() respect the "sql" argument.
Backport of bd366ca2ae from main
2023-02-06 14:13:09 +01:00
Mariusz Felisiak 9a1848f48c
[4.2.x] Increased the default PBKDF2 iterations for Django 4.2.
See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2.

Thanks Markus Holtermann for the report.
2023-02-04 13:36:06 +01:00
Adam Johnson beaa5f31e1 [4.2.x] Fixed #34259 -- Passed called_from_command_line to command subparsers.
Backport of 017fa23d3b from main
2023-02-03 07:54:15 +01:00
skidipap db0e10c037 [4.2.x] Fixed #34286 -- Fixed admindocs markups for case-sensitive template/view names.
Backport of 1250483ebf from main
2023-02-02 14:48:10 +01:00
Mariusz Felisiak 0b6797eedd [4.2.x] Improved error message for ASCIIUsernameValidator.
Follow up to 10bb21e71e.

Co-authored-by: Paolo Melchiorre <paolo@melchiorre.org>

Backport of c626173833 from main
2023-02-02 10:08:02 +01:00
Mariusz Felisiak ba7d8ac37d [4.2.x] Added stub release notes for 4.1.7.
Backport of f3c89744cc from main
2023-02-01 13:22:00 +01:00
Mariusz Felisiak 379b37171b [4.2.x] Added CVE-2023-23969 to security archive.
Backport of 36e3eef7d5 from main
2023-02-01 12:10:03 +01:00
Mariusz Felisiak d6d30b9697 [4.2.x] Ignored 80aae83439 formatting changes in git blame. 2023-02-01 11:37:53 +01:00
David Smith 80aae83439 [4.2.x] Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0

Backport of 097e3a70c1 from main
2023-02-01 11:37:29 +01:00
Nick Pope 8a7b22d4a6 [4.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:45:07 +01:00
sag᠎e 5e0be0873c [4.2.x] Fixed #34304 -- Made MySQL's SchemaEditor.remove_constraint() don't create foreign key index when unique constraint is ignored.
Regression in b731e88415.
Backport of 110b3b8356 from main
2023-01-31 11:52:44 +01:00
Durval Carvalho af396ce3f9 [4.2.x] Fixed #34180 -- Added note about resetting language in test tear-downs.
Co-authored-by: Faris Naimi <farisfaris66@gmail.com>

Backport of 40217d1a82 from main
2023-01-31 07:29:21 +01:00
Stanislav Volyk 7217c11eba [4.2.x] Fixed #34283 -- Escaped title in admin's changelist filters.
Regression in 27aa7035f5.

Backport of 20a0850099 from main
2023-01-30 11:58:06 +01:00
fschwebel 5159e05e40 [4.2.x] Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
Backport of 0265b1b49b from main
2023-01-30 08:32:13 +01:00
Sarah Boyce 4bf3d6dec2 [4.2.x] Fixed #28054 -- Made runserver not return response body for HEAD requests.
Co-authored-by: jannschu <jannik.schuerg@posteo.de>
Backport of 8acc433e41 from main
2023-01-27 21:50:40 +01:00
Mariusz Felisiak d42e47f572 [4.2.x] Refs #34255 -- Skipped test_group_by_nested_expression_with_params test on PostgreSQL when server-side binding cursors are used.
Thanks Tim Graham for the review.
Backport of 82dad11bfe from main
2023-01-27 21:29:47 +01:00
Raj Desai f210ad1b98 [4.2.x] Fixed #34254 -- Fixed return value of Exists() with empty queryset.
Thanks Simon Charette for reviews.

Backport of 246eb4836a from main
2023-01-26 20:25:18 +01:00
Simon Sawicki 9eae81724d [4.2.x] Fixed #34294 -- Protected django.core.files.locks against argtypes redefinition on Windows.
Backport of 7eb5391b71 from main
2023-01-26 19:40:57 +01:00
Mariusz Felisiak 719a14badc [4.2.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e.
Backport of 2b1242abb3 from main
2023-01-26 09:32:14 +01:00
Carlton Gibson d43fbdf6f1 [4.2.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of d8e1442ce2 from main
2023-01-25 12:26:40 +01:00
Carlton Gibson 50432e3fd5 [4.2.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
Backport of 1df963ad24 from main
2023-01-25 11:58:35 +01:00
Stephen d9d9534466 [4.2.x] Corrected passenv value for tox 4.0.6+.
Backport of 34b3288149 from main
2023-01-25 06:10:35 +01:00
朱穆穆 f23a85337a [4.2.x] Fixed #34227 -- Fixed QuerySet.select_related() with multi-level FilteredRelation.
Backport of d3c93cdc59 from main
2023-01-24 10:52:01 +01:00
Matt Westcott b332a96cd7 [4.2.x] Fixed #34192 -- Preserved callable storage when it returns default_storage.
Backport of ef85b6bf0b from main
2023-01-23 11:14:57 +01:00
Claude Paroz 0fd5d16c22 [4.2.x] Fixed #34278 -- Made translatable string plural-aware in SelectFilter2.js.
Bug in be63c78760.

Backport of e3a4cee081 from main
2023-01-23 06:38:49 +01:00