66cc97c6b3
[3.2.x] Added stub release notes for Django 3.2.5.
...
Backport of ba10772bf6
2021-06-02 11:26:00 +02:00
1aa7bcf482
[3.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.
...
Backport of a39f235ca4
2021-06-02 11:16:43 +02:00
9f75e2e562
[3.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:44:39 +02:00
dfaba12cda
[3.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:44:39 +02:00
aed1409558
[3.2.x] Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.
...
Backport of f66ae7a2d5
2021-06-02 10:20:17 +02:00
bf08609501
[3.2.x] Fixed typo in docs/internals/contributing/writing-code/coding-style.txt.
...
Backport of 1443b5e9ac
2021-06-02 08:15:41 +02:00
94675a7633
[3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191de703b152c6
2021-06-01 15:13:10 +02:00
b2ff1655fc
[3.2.x] Fixed typo in MiddlewareMixin deprecation note.
...
Backport of e513fb0e77
2021-05-27 06:54:00 +02:00
246a31a843
[3.2.x] Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c512b19a1d76
2021-05-26 11:20:05 +02:00
4ba4c07e4e
[3.2.x] Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
...
Backport of b46dbd4e3e
2021-05-26 10:17:27 +02:00
c0d506f5ef
[3.2.x] Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
...
Backport of 68357b2ca9
2021-05-26 10:08:58 +02:00
143d2a4bbf
[3.2.x] Changed IRC references to Libera.Chat.
...
Backport of 66491f08fe
2021-05-20 12:25:07 +02:00
a0782f50d4
[3.2.x] Fixed note about ISP caching in docs.
...
Regression in 7aabd6238031b6ce9ff9
2021-05-20 11:24:26 +02:00
d5c675ac7c
[3.2.x] Added note about culling in database cache backend docs.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 6e155d280d
2021-05-20 07:02:56 +02:00
33dec7b13b
[3.2.x] Doc'd that HttpRequest.path doesn't contain a query string.
...
Backport of fa4e963ee7
2021-05-19 11:58:35 +02:00
a173202dd4
[3.2.x] Fixed #32740 -- Caught possible exception when initializing colorama.
...
Backport of c2e6047c72
2021-05-19 11:16:13 +02:00
d743c37326
[3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt.
...
Backport of dacc307d93
2021-05-19 07:29:23 +02:00
41e2aa7eb2
[3.2.x] Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4958cdf65ae
2021-05-18 20:23:26 +02:00
349bb58b8a
[3.2.x] Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
...
Regression in b5e12d490aa24fed399c
2021-05-18 13:20:55 +02:00
65b680a99a
[3.2.x] Fixed #32755 -- Corrected Model.get_absolute_url() example in docs.
...
Backport of 27d4573d35
2021-05-18 11:31:03 +02:00
ce78bc9808
[3.2.x] Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
...
Regression in ba31b01034f7691d4812
2021-05-18 09:58:49 +02:00
cb91b2d9e3
[3.2.x] Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
...
Backport of c156e36955
2021-05-17 12:16:09 +02:00
55b89e8cac
[3.2.x] Refs #32720 -- Fixed some broken links in docs.
...
Backport of 7c4ee487c7
2021-05-17 12:14:20 +02:00
0c19b075b2
[3.2.x] Refs #32720 -- Used full hashes in security archive.
...
Backport of 1c3bbcf802
2021-05-17 12:13:57 +02:00
f844c0c33a
[3.2.x] Corrected commit hashes for security patches.
...
Backport of df5c96299a
2021-05-17 12:13:44 +02:00
80cf193d32
[3.2.x] Refs #32720 -- Used :commit: and :source: role in old release notes.
...
Backport of 8c4caee76a
2021-05-17 12:13:31 +02:00
1037825eed
[3.2.x] Added stub release notes for Django 3.2.4.
...
Backport of 820408d842
2021-05-13 09:45:39 +02:00
224b8e5a5a
[3.2.x] Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691b55699968f
2021-05-13 08:55:00 +02:00
386caa5445
[3.2.x] Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
...
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdcb81c7562fc
2021-05-13 07:53:56 +02:00
d6b6eda4ed
[3.2.x] Fixed #26721 -- Doc'd setting UTF-8 on Windows.
...
Backport of 0456d3e427
2021-05-12 20:46:31 +02:00
4318e60a80
[3.2.x] Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
...
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
Backport of 1061f52436
2021-05-12 13:35:13 +02:00
cd84f7acfa
[3.2.x] Refs #32366 -- Avoided use of datetime.utcnow() in the documentation.
...
Backport of 69ffb1acf3
2021-05-12 12:12:28 +02:00
fab710d3ff
[3.2.x] Fixed a typo in docs/ref/models/fields.txt.
...
datetime.date.utcnow() doesn't exist, should be .today().
Backport of 88b3982af3
2021-05-12 12:12:10 +02:00
dc7b495dae
[3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes.
...
Backport of d1f1417cae
2021-05-12 10:42:32 +02:00
bdd565422d
[3.2.x] Fixed typo in docs/internals/contributing/writing-documentation.txt.
...
Backport of c240ceea7d
2021-05-06 20:02:11 +02:00
8afb677ce7
[3.2.x] Added stub release notes for Django 3.2.3.
...
Backport of 29779075d7
2021-05-06 10:11:32 +02:00
0262579f2e
[3.2.x] Added CVE-2021-32052 to security archive.
...
Backport of efebcc429f
2021-05-06 10:03:45 +02:00
2d2c1d0c97
[3.2.x] Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603e1e81aa1c4
2021-05-06 08:48:22 +02:00
364098fdac
[3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b659430596f55ccf79
2021-05-05 08:44:37 +02:00
df801dde33
[3.2.x] Added CVE-2021-31542 to security archive.
...
Backport of 607ebbfba962b2e8b37e
2021-05-04 11:10:50 +02:00
04d8ed3660
[3.2.x] Added stub release notes for Django 3.2.2.
...
Backport of 5a43cfe245
2021-05-04 11:02:11 +02:00
c98f446c18
[3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:43:52 +02:00
8e1900d4f3
[3.2.x] Added spelling option to make.bat.
...
Backport of 7582d913e7
2021-04-30 14:09:59 +02:00
ce130749d5
[3.2.x] Refs #32178 -- Doc'd DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide.
...
Backport of ca34db4650
2021-04-29 20:56:08 +02:00
bac416972d
[3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated.
...
Backport of 907d3a7ff4
2021-04-29 15:14:15 +02:00
d716d30a19
[3.2.x] Refs #32694 -- Clarified when colorama requirement is needed in Windows how-to.
...
Backport of 4f128fcf5d
2021-04-29 11:27:39 +02:00
263ee4434f
[3.2.x] Corrected introduction to range field lookups docs.
...
Follow up to 24b9f5082368e876c095
2021-04-28 20:35:28 +02:00
d5add5d3a2
[3.2.x] Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdcc8b6594305
2021-04-28 20:27:42 +02:00
55cb3c8ac1
[3.2.x] Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb8766e742dabc9
2021-04-27 12:02:06 +02:00
34981f399a
[3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a11871182031
2021-04-27 10:39:55 +02:00
Carlton Gibson
Mariusz Felisiak
Florian Apolloner
Jacob Walls
Nick Pope
Hasan Ramezani
Ben Sturmfels
Mike Lissner
David D Lowe
David Sanders
Rust Saiargaliev
Girish Sontakke
Slava Skvortsov
Simon Charette
David Smith
Susan Wright
Carlton Gibson
Adam Johnson
Konstantin Alekseev