Mariusz Felisiak
9e0df0d6dd
Added CVE-2022-22818 and CVE-2022-23833 to security archive.
2022-02-01 08:17:25 +01:00
Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078
Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov
97a7274468
Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak
71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz
beb7ddbcee
Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
Forwardport of 7a1c6533eb from stable/4.0.x.
2022-01-29 19:01:15 +01:00
Keryn Knight
55022f75c1
Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.
Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Mariusz Felisiak
67db54a5a7
Fixed #33452 -- Fixed admin change-form layout for submit buttons on mid-sized displays.
Thanks David Smith for reviews.
2022-01-29 11:59:08 +01:00
Keryn Knight
c5c7a15b09
Fixed #33461 -- Escaped template errors in the technical 500 debug page.
2022-01-28 07:07:12 +01:00
Thomas Aglassinger
3a9b8b25d4
Fixed #33459 -- Clarified index type in full text search docs.
2022-01-28 06:36:39 +01:00
vgolubev
e87f57fdb8
Fixed #26142 -- Allowed model formsets to prevent new object creation.
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.
Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart
0af9a5fc7d
Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions.
2022-01-27 19:03:26 +01:00
Mariusz Felisiak
e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.
Thanks bcail for the report.
Regression in 325d7710ce.
2022-01-27 18:51:39 +01:00
Mariusz Felisiak
2eed554c3f
Fixed wrapping of long messages in the admin.
2022-01-26 21:14:13 +01:00
Carlton Gibson
d15a10afb5
Adjusted CBV resolver_match example in testing tools docs.
The view_class is available on the view callback, allowing that to be
checked, rather than the __name__.
2022-01-26 20:58:22 +01:00
Mariusz Felisiak
f38c3cbadc
Increased test coverage for django.contrib.gis.gdal.layer.Layer.
2022-01-26 17:47:03 +01:00
Tom Forbes
f97401d1b1
Used GitHub actions for Windows tests.
2022-01-26 12:03:55 +01:00
Kaushik Chintam
1625a8c8eb
Fixed #33048 -- Doc'd that DEBUG static files requests don't use middleware chain.
2022-01-26 11:22:13 +01:00
Carlton Gibson
85f2a9fb0f
Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb1.
2022-01-26 09:26:48 +01:00
Ian Foote
a93a1ba347
Fixed broken link to cx_Oracle docs.
2022-01-25 20:14:24 +01:00
Collin Anderson
890bfa368c
Refs #20349 -- Avoided loading testing libraries when not needed.
2022-01-25 11:41:01 +01:00
Mariusz Felisiak
34aba9c06e
Fixed typo in docs/releases/4.1.txt.
2022-01-25 10:57:05 +01:00
Mariusz Felisiak
eeca934238
Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27.
2022-01-25 07:21:57 +01:00
Jacob Walls
edbf930287
Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects.
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Keryn Knight
c27932ec93
Fixed #33460 -- Used VALUES clause for insert in bulk on SQLite.
SQLite 3.7.11 introduced the ability to use multiple values directly.
SQLite 3.8.8 made multiple values not subject to the
SQLITE_LIMIT_COMPOUND_SELECT (500).
2022-01-24 20:51:32 +01:00
Mariusz Felisiak
4ac0bf6acd
Fixed wrapping of long values in technical 500 debug page.
Follow up to d5f2d5d604.
2022-01-24 11:54:41 +01:00
Hrushikesh Vaidya
89d137f3be
Fixed #33457 -- Fixed "Local vars" scrolling in technical 500 debug page.
Thanks Keryn Knight for the report and the initial patch.
2022-01-24 07:42:52 +01:00
Timothy McCurrach
efb4478e48
Fixed #33458 -- Fixed encoding of messages with empty string as extra_tags.
2022-01-24 07:05:53 +01:00
Claude Paroz
7c4f396509
Stopped including type="text/css" attributes for CSS link tags.
2022-01-22 16:38:14 +01:00
My-Name-Is-Nabil
9dc65263d4
Fixed #33455 -- Improved error message when selenium is not installed.
2022-01-21 21:54:10 +01:00
Jacob Walls
2d8232fa71
Fixed #26760 -- Added --prune option to migrate command.
2022-01-21 17:10:31 +01:00
Fabian Büchler
eeff1787b0
Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak
f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1.
2022-01-20 18:54:29 +01:00
Tilak
2c76c27a95
Improved wording in running Django’s test suite in contributing tutorial.
2022-01-20 10:02:47 +01:00
Hrushikesh Vaidya
3fadf141e6
Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
2022-01-20 07:19:52 +01:00
sean_c_hsu
0f6946495a
Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create().
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Moritz Duchêne
ba9de2e74e
Updated GEOS/GDAL links in docs and comments.
2022-01-19 19:06:12 +01:00
Mariusz Felisiak
4a8ac604b1
Added tests for SpatialReference.to_esri()/from_esri().
2022-01-19 16:03:04 +01:00
Adam Johnson
dc8bb35e39
Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage.
2022-01-18 12:53:14 +01:00
Nick Pope
fac26684fd
Removed unused buf_size argument to LimitedStream().
Unused since its introduction in 269e921756.
2022-01-18 05:55:14 +01:00
Mariusz Felisiak
30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil
f37face331
Fixed #33435 -- Fixed invalid SQL generated by Subquery.as_sql().
2022-01-17 09:00:46 +01:00
Brad Solomon
b55ebe3241
Fixed #33443 -- Clarified when PasswordResetView sends an email.
2022-01-17 07:44:46 +01:00
Ayush Joshi
0a17666045
Fixed #28135 -- Made simplify_regex() handle non-capturing groups.
2022-01-14 11:01:02 +01:00
Adam Johnson
fdfa97fb16
Fixed #33441 -- Restored immutability of models.Field.__hash__().
Regression in 502e75f9ed.
2022-01-14 07:00:48 +01:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification.
2022-01-13 20:46:18 +01:00
Ayush Joshi
827bc07047
Refs #28135 -- Refactored out _find_groups()/_get_group_start_end() hooks in admindocs.
2022-01-13 16:33:19 +01:00
Adam Johnson
45a42aabfa
Fixed #29708 -- Deprecated PickleSerializer.
2022-01-13 13:50:20 +01:00
Adam Johnson
c920387fab
Optimized SessionBase.get_expire_at_browser_close().
2022-01-13 13:05:46 +01:00
Adam Johnson
436862787c
Refs #29708 -- Made SessionBase store expiry as string.
2022-01-13 13:05:42 +01:00