Commit Graph

255 Commits

Author SHA1 Message Date
Mariusz Felisiak 9a07999aef Added stub release notes for 4.1.8. 2023-03-06 17:31:26 +01:00
Carlton Gibson 7e003428f9 Added stub release notes for 4.0.10 and 3.2.18.
Set date for 4.1.7 release.
2023-02-07 10:08:21 +01:00
Mariusz Felisiak f3c89744cc Added stub release notes for 4.1.7. 2023-02-01 13:18:34 +01:00
Carlton Gibson d8e1442ce2 Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 12:26:00 +01:00
Carlton Gibson 1df963ad24 Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 11:57:04 +01:00
Mariusz Felisiak ea92a4dc28 Added stub release notes for 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak 75500feecd Added stub release notes for 4.1.6. 2023-01-02 08:50:33 +01:00
Carlton Gibson 845a5db38f Added stub release notes for 4.1.5. 2022-12-06 10:20:27 +01:00
Mariusz Felisiak c765b62e32 Added stub release notes for 4.1.4. 2022-11-01 07:27:30 +01:00
Carlton Gibson 7a08927323 Added stub release notes for 4.1.3 release. 2022-10-04 09:49:23 +02:00
Carlton Gibson c2bc71b635 Set date and added stub notes for 4.1.2, 4.0.8, and 3.2.16 releases. 2022-09-27 09:44:47 +02:00
Mariusz Felisiak 604fadde11 Added stub release notes for 4.1.2. 2022-09-05 06:02:40 +02:00
Carlton Gibson 09e837c5d9 Added stub release notes for 4.1.1. 2022-08-03 10:52:38 +02:00
Carlton Gibson 0c1675781e Added release date and stub release notes for 4.0.7 and 3.2.15 releases. 2022-07-27 09:23:40 +02:00
Mariusz Felisiak c6932ea2ea Added stub release notes for 4.0.7. 2022-07-04 10:06:07 +02:00
Mariusz Felisiak b2eff16806 Added stub release notes and release date for 4.0.6 and 3.2.14. 2022-06-27 07:13:26 +02:00
Carlton Gibson d5bc362030 Added stub release notes for 4.0.6. 2022-06-01 14:36:22 +02:00
Carlton Gibson d10e569ea5 Added stub release notes for 4.2. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak 78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
Carlton Gibson 9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Mariusz Felisiak ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Carlton Gibson f38c66b555 Added stub release notes for Django 4.0.2. 2022-01-04 11:10:53 +01:00
Carlton Gibson b13d920b7b Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 2021-12-28 08:47:33 +01:00
Mariusz Felisiak adef3d975e Added stub release notes for 4.0.1. 2021-12-07 10:41:32 +01:00
Mariusz Felisiak ae4077e13e Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 2021-11-30 11:25:00 +01:00
Mariusz Felisiak d811fa1d10 Added stub release notes for Django 3.2.10. 2021-11-01 10:41:06 +01:00
Carlton Gibson c113f7fb0d Added stub release notes for Django 3.2.9. 2021-10-05 09:39:20 +02:00
Mariusz Felisiak 810bca5a1a Added stub release notes for 4.1. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak af10e97531 Added stub release notes for Django 3.2.8. 2021-09-01 09:48:32 +02:00
Carlton Gibson 947bdec60c Added stub release notes for Django 3.2.7. 2021-08-02 08:41:29 +02:00
Mariusz Felisiak bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak 8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
Carlton Gibson ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Mariusz Felisiak 820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate the filename returned by FileField.upload_to(), not a filename
  passed to FileField.generate_filename() (upload_to() may
  completely ignore the passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Mariusz Felisiak 29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Carlton Gibson 5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Carlton Gibson df0a9e6d5c Added stub release notes for Django 3.2.1. 2021-04-06 11:49:48 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Mariusz Felisiak e0f82d7992 Added stub release notes for 3.1.8. 2021-02-25 20:27:10 +01:00
Nick Pope 0ad9fa02e0 Refs CVE-2021-23336 -- Updated tests and release notes for affected versions. 2021-02-19 09:03:06 +01:00
Mariusz Felisiak 8d3c3a5717 Added stub release notes for 3.1.7. 2021-02-01 10:51:16 +01:00
Mariusz Felisiak 05413afa8c Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
Mariusz Felisiak 8774b1144c Added stub release notes for 4.0. 2021-01-14 17:50:04 +01:00
Carlton Gibson 966ed414b2 Added stub release notes for 3.1.6. 2021-01-04 08:58:03 +01:00