Commit Graph

4210 Commits

Author SHA1 Message Date
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Carlton Gibson 9ffd4eae2c Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00
sarahboyce 65effbdb10 Fixed #33471 -- Made AlterField operation a noop when changing "choices".
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
Baptiste Mispelon 50e1e7ef8e Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak 78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
David c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00
Mariusz Felisiak fac662f479 Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cf.

Regression in 0c71e0f9cf.
2022-03-30 07:31:56 +02:00
Carlton Gibson 59ab3fd0e9 Refs #32365 -- Deprecated django.utils.timezone.utc. 2022-03-29 14:47:44 +02:00
Alokik Vijay baf9604ed8 Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
Mariusz Felisiak 83c803f161 Updated Oracle docs links to Oracle 21c. 2022-03-29 09:41:57 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
adontz 2bee0b4328 Fixed #7497 -- Allowed overriding the order of apps and models in admin. 2022-03-25 10:33:44 +01:00
Mariusz Felisiak 94d8ed55fa Refs #15619 -- Logged out with POST requests in admin. 2022-03-24 17:41:53 +01:00
Thomas Schmidt 1cf60ce601 Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value. 2022-03-23 19:33:36 +01:00
Mariusz Felisiak 39ae8d740e Added missing backticks to function names. 2022-03-17 11:10:03 +01:00
Mariusz Felisiak be80aa55ec Removed outdated handling of length parameter to If-Modified-Since header.
The length parameter is not described in RFC-7232 and it's against
HTTP/1.0 and HTTP/1.1 specifications. It was an old and unofficial
extension set by some ancient versions of IE.
2022-03-15 13:07:44 +01:00
Mariusz Felisiak 6ffe48b8e4 Moved log_response() release notes into backwards incompatible changes section.
Follow up to 90cf963264.
2022-03-11 22:16:46 +01:00
Adrian Torres d90e34c61b Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. 2022-03-10 12:57:19 +01:00
David Smith 67b5f506a6 Changed some words to use inline markup. 2022-03-10 10:18:31 +01:00
Luke Plant ae2da5ba65 Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the max_age argument. 2022-03-07 07:57:14 +01:00
Ryan Heard c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Carlton Gibson 9652a118ce Added stub release notes for Django 4.0.4. 2022-03-01 09:58:35 +01:00
Carlton Gibson 47143e27d4 Updated release date for version 4.0.3. 2022-03-01 09:32:18 +01:00
Mariusz Felisiak 445b075def Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
Regression in de95c82667.

Thanks David Glenck for the report.
2022-03-01 08:09:58 +01:00
Albert Defler 2b6a3baebe Fixed #31486 -- Deprecated passing unsaved objects to related filters.
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-25 07:51:37 +01:00
Shubh1815 11cc227344 Fixed #33267 -- Added link to related item to related widget wrapper in admin. 2022-02-25 06:33:05 +01:00
Claude Paroz eabc22f919 Fixed #33328 -- Transformed formset:added/removed to native JS events. 2022-02-23 10:33:07 +01:00
David Wobrock 7c318a8bdd Fixed #27844 -- Added optimizemigration management command. 2022-02-22 10:30:40 +01:00
Albert Defler 7ba6ebe914 Fixed #19580 -- Unified behavior of reverse foreign key and many-to-many relations for unsaved instances. 2022-02-22 09:16:40 +01:00
Theo Alexiou 659d2421c7 Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects. 2022-02-21 10:11:26 +01:00
Hasan Ramezani 9ac3ef59f9 Fixed #33379 -- Added minimum database version checks.
Thanks Tim Graham for the review.
2022-02-18 13:37:49 +01:00
Mariusz Felisiak 1e2e1be02b Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
Thanks Chris Lee for the report.

Regression in 4328970780.

Refs #23916.
2022-02-16 21:09:24 +01:00
Carlton Gibson d113b5a837 Refs #33476 -- Made management commands use black.
Run black on generated files, if it is available on PATH.
2022-02-11 12:23:26 +01:00
Theo Alexiou f9ec777a82 Fixed #26287 -- Added support for addition operations to SimpleLazyObject. 2022-02-10 11:24:51 +01:00
Claude Paroz 4c76ffc2d6 Fixed #29490 -- Added support for object-based Media CSS and JS paths. 2022-02-10 08:48:27 +01:00
Carlton Gibson ba94488196 Refs #33476 -- Adjusted docs and config files for Black.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-02-07 20:36:04 +01:00
David Smith 770d3e6a4c Fixed typo in release notes. 2022-02-02 07:17:57 +01:00
tschilling 0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Mariusz Felisiak ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak 9e0df0d6dd Added CVE-2022-22818 and CVE-2022-23833 to security archive. 2022-02-01 08:17:25 +01:00
Mariusz Felisiak fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann 394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov 97a7274468 Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak 71e7c8e737 Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz beb7ddbcee Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.

Forwardport of 7a1c6533eb from stable/4.0.x.
2022-01-29 19:01:15 +01:00
vgolubev e87f57fdb8 Fixed #26142 -- Allowed model formsets to prevent new object creation.
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.

Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Mariusz Felisiak e972620ada Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce.
2022-01-27 18:51:39 +01:00
Carlton Gibson 85f2a9fb0f Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb1.
2022-01-26 09:26:48 +01:00
Mariusz Felisiak 34aba9c06e Fixed typo in docs/releases/4.1.txt. 2022-01-25 10:57:05 +01:00