p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
32,889 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

286 Commits

Author SHA1 Message Date
Mariusz Felisiak 78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
Carlton Gibson 9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Mariusz Felisiak ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Carlton Gibson f38c66b555 Added stub release notes for Django 4.0.2. 2022-01-04 11:10:53 +01:00
Carlton Gibson b13d920b7b Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 2021-12-28 08:47:33 +01:00
Mariusz Felisiak adef3d975e Added stub release notes for 4.0.1. 2021-12-07 10:41:32 +01:00
Mariusz Felisiak ae4077e13e Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 2021-11-30 11:25:00 +01:00
Mariusz Felisiak d811fa1d10 Added stub release notes for Django 3.2.10. 2021-11-01 10:41:06 +01:00
Carlton Gibson c113f7fb0d Added stub release notes for Django 3.2.9. 2021-10-05 09:39:20 +02:00
Mariusz Felisiak 810bca5a1a Added stub release notes for 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Carlton Gibson 947bdec60c Added stub release notes for Django 3.2.7. 2021-08-02 08:41:29 +02:00
Mariusz Felisiak bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak 8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
Carlton Gibson ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Mariusz Felisiak 820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
 2021-05-13 08:53:44 +02:00
Mariusz Felisiak 29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
 2021-05-06 08:45:23 +02:00
Carlton Gibson 5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Carlton Gibson df0a9e6d5c Added stub release notes for Django 3.2.1. 2021-04-06 11:49:48 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
 2021-04-06 08:15:17 +02:00
Mariusz Felisiak e0f82d7992 Added stub release notes for 3.1.8. 2021-02-25 20:27:10 +01:00
Nick Pope 0ad9fa02e0 Refs CVE-2021-23336 -- Updated tests and release notes for affected versions. 2021-02-19 09:03:06 +01:00
Mariusz Felisiak 8d3c3a5717 Added stub release notes for 3.1.7. 2021-02-01 10:51:16 +01:00
Mariusz Felisiak 05413afa8c Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.
 2021-02-01 09:07:36 +01:00
Mariusz Felisiak 8774b1144c Added stub release notes for 4.0. 2021-01-14 17:50:04 +01:00
Carlton Gibson 966ed414b2 Added stub release notes for 3.1.6. 2021-01-04 08:58:03 +01:00
Mariusz Felisiak adb40d217e Added stub release notes for 3.1.5. 2020-12-01 07:12:49 +01:00
Carlton Gibson c8785b473f Added stub release notes for 3.1.4. 2020-11-02 09:20:53 +01:00
Mariusz Felisiak e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00
Mariusz Felisiak 85fa24e3eb Added stub release notes for 3.1.3. 2020-10-01 07:52:45 +02:00
Carlton Gibson 7a60670b78 Added stub release notes for 3.1.2. 2020-09-01 10:45:12 +02:00
Mariusz Felisiak 8a5683b6b2 Added stub release notes for 2.2.16 and 3.0.10. 2020-08-11 10:31:44 +02:00
Mariusz Felisiak 6c19230297 Added stub release notes for 3.1.1. 2020-08-04 10:34:38 +02:00
Mariusz Felisiak 240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie(). 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.
 2020-07-16 08:16:58 +02:00
Mariusz Felisiak c2a835703f Added stub release notes for 3.0.9. 2020-07-01 07:00:43 +02:00
Mariusz Felisiak 926148ef01
Fixed #31654 -- Fixed cache key validation messages. 2020-06-05 07:21:52 +02:00
Carlton Gibson 7ec2658e1e Added stub release notes for 3.0.8. 2020-06-03 10:54:29 +02:00
Mariusz Felisiak 50798d4389 Added stub release notes for 2.2.13. 2020-05-14 06:22:54 +02:00
Mariusz Felisiak 3b94f12462 Added stub release notes for 3.2. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak 8e8ff38cb8 Added stub release notes for 3.0.7. 2020-05-04 07:38:35 +02:00
Carlton Gibson a7e4ff370c Added stub release notes for 3.0.6. 2020-04-01 10:09:43 +02:00
Carlton Gibson a4200e958d Added stub release notes for 2.2.12. 2020-03-10 12:01:01 +01:00
Mariusz Felisiak 1b3a900a69 Added stub release notes for 3.0.5. 2020-03-04 10:56:07 +01:00
Mariusz Felisiak 6695d29b1c Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. 
Thanks to Norbert Szetei for the report.
 2020-03-04 09:04:50 +01:00
Mariusz Felisiak 7e8339748c Added stub release notes for 2.2.11. 2020-02-10 08:18:58 +01:00
Carlton Gibson 273918c25b Added stub release notes for 3.0.4. 2020-02-03 10:23:54 +01:00
Simon Charette eb31d84532 Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
Mariusz Felisiak 69331bb851 Added stub release notes for 3.0.3. 2020-01-02 08:36:08 +01:00
Mariusz Felisiak 50a69efb2e Added stub release notes for 3.0.2. 2019-12-18 10:51:57 +01:00
Mariusz Felisiak ec12c37384
Refs #31073 -- Added release notes for 02eff7ef60. 2019-12-11 10:07:41 +01:00
Mariusz Felisiak 908c67e719 Added stub release notes for 3.0.1. 2019-12-02 21:43:59 +01:00
Mariusz Felisiak e9def97d10 Added stub release notes for 2.1.15. 2019-11-19 12:33:39 +01:00
Mariusz Felisiak 30359496a3 Added stub release notes for 2.2.8 release. 2019-11-12 14:37:59 +01:00
Mariusz Felisiak 84322a29ce Added stub release notes for 1.11.26 and 2.1.14. 2019-10-02 07:49:47 +02:00
Carlton Gibson e1c1eaf0c6 Added stub release notes for 2.2.7. 2019-10-01 10:43:30 +02:00
Mariusz Felisiak bd7e0f81f8 Added stub release notes for 1.11.25 and 2.1.13. 2019-09-16 07:37:47 +02:00
Mariusz Felisiak 32796826bb Added stub release notes for 3.1. 2019-09-10 12:00:56 +02:00
Mariusz Felisiak 0d4529d314 Added stub release notes for 2.2.6. 2019-09-04 08:02:32 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params. 
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
 2019-08-14 15:25:35 +02:00
Mariusz Felisiak 1af469e67f Added stub release notes for 2.2.5. 2019-08-02 20:32:21 +02:00
Carlton Gibson f13147c8de Added stub release notes for security releases. 2019-07-25 10:49:30 +02:00
Mariusz Felisiak 08e69cad9c Added stub release notes for 2.2.4. 2019-07-09 07:39:35 +02:00
Mariusz Felisiak 30b3ee9d0b Added stub release notes for security releases. 2019-07-01 06:57:27 +02:00
Mariusz Felisiak 1f81e2df69 Added stub release notes for 2.2.3. 2019-06-05 06:57:44 +02:00
Carlton Gibson 98c0fe19ee Added stub release notes for security releases. 2019-06-03 10:48:52 +02:00
Mariusz Felisiak 30dd43884e
Added stub release notes for 2.2.2. 2019-05-08 14:41:16 +02:00
Mariusz Felisiak e6588aa4e7
Added stub release notes for 2.2.1. 2019-04-03 08:26:05 +02:00
Tim Graham e245046bb6 Added stub 2.1.8 release notes. 2019-03-30 12:55:30 -04:00
Tim Graham 1b8f552b08 Refs #30177 -- Forwardported 2.0.13 release notes. 2019-02-11 15:45:04 -05:00
Carlton Gibson b39bd0aa6d
Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 2019-02-11 15:46:33 +01:00
Carlton Gibson 5cc6f02f91 Added stub release notes for security releases. 2019-02-07 15:46:53 +01:00
Tim Graham eb0ce6fa36 Added stub release notes for 3.0. 2019-01-17 10:50:25 -05:00
Tim Graham 36fceeec88 Added stub 2.1.6 release notes. 2019-01-08 08:57:22 -05:00
Tom Hacohen 1ecc0a395b Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 
Co-Authored-By: Tim Graham <timograham@gmail.com>
 2019-01-03 21:21:55 -05:00
Carlton Gibson 196b420fcb Added stub release notes for 2.1.5 release. 2018-12-04 16:21:38 +01:00
Carlton Gibson 74ddd0e83b Added stub release notes for 2.1.4 release. 2018-11-01 15:48:28 +01:00
Carlton Gibson dc28c0faf3 Added stub release notes for 2.1.3 release. 2018-10-01 11:48:11 +02:00
Carlton Gibson 2e86710dac Added stub release notes for 2.0.10 release. 2018-10-01 11:46:38 +02:00
Carlton Gibson 7040e638b9 Added stub release notes for 1.11.17 release. 2018-10-01 11:44:36 +02:00
Carlton Gibson 728ee98cd3 Added stub release notes for 2.1.2. 2018-08-31 11:01:29 +02:00
Michael Sanders 271542dad1 Fixed #29499 -- Fixed race condition in QuerySet.update_or_create(). 
A race condition happened when the object didn't already exist and
another process/thread created the object before update_or_create()
did and then attempted to update the object, also before update_or_create()
saved the object. The update by the other process/thread could be lost.
 2018-08-02 17:07:48 -04:00
Tim Graham 25dd595742 Added stub release notes for 2.1.1. 2018-08-01 11:13:37 -04:00
Tim Graham 7dbe7aa0b6 Added stub release notes for security releases. 2018-08-01 09:28:42 -04:00
Tim Graham 2c3f198946 Added stub release notes for 2.0.8. 2018-07-03 20:05:53 -04:00
Carlton Gibson acae120680 Added stub release notes for 2.0.6. 2018-06-08 08:40:04 +02:00
Tim Graham 8a6fcfdc77 Added stub release notes for 1.11.14. 2018-05-31 10:15:39 -04:00
Tim Graham 74a313942c Added stub 2.2 release notes. 2018-05-17 11:05:40 -04:00
Tim Graham c02953ebbc Added stub release notes for 2.0.6. 2018-05-01 22:01:48 -04:00
Tim Graham b2678468ae Added stub release notes for 1.11.13. 2018-04-03 15:03:44 -04:00
Tim Graham 87639adcd1 Added stub release notes for 2.0.5. 2018-04-02 23:05:29 -04:00
Tim Graham 8d67c7cffd Added stub release notes for 1.11.12. 2018-03-19 09:49:16 -04:00
Tim Graham f0d6f01fbe Added stub release notes for 2.0.4. 2018-03-06 13:25:20 -05:00
Tim Graham 4d2a2c83c7 Added stub release notes for security releases. 2018-03-06 08:30:34 -05:00
Simon Charette 7515e1f3fc Added stub release notes for 2.0.3. 2018-02-05 10:12:47 -05:00
Tim Graham cea5fe94c6 Added stub release notes for 1.11.10. 2018-01-13 09:18:13 -05:00