Natalia
aa52930687
Added CVE-2024-45230 and CVE-2024-45231 to security archive.
2024-09-03 11:19:02 -03:00
Natalia
60073a3e6b
Added stub release notes for 5.1.2.
2024-09-03 10:01:46 -03:00
Natalia
8c35a0a903
Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
Sarah Boyce
320dd27412
Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Adam Johnson
f5ddd54986
Fixed #35704 -- Fixed reduction for AddIndex subclasses.
2024-09-03 12:51:06 +02:00
github-user-en
ad7f8129f3
Added EMAIL_USE_SSL to the 'Core Settings Topical Index' docs.
2024-09-03 10:16:20 +02:00
sanjeevholla26
4470d1f156
Refs #35706 -- Replaced template _('...') usages with translate tag.
2024-09-03 10:16:05 +02:00
Tim Graham
6f9c6678bf
Added assertion for the results of migrating an integer pk to SmallAutoField.
Follow up to 7ca42974ee which did the same for similar tests.
2024-09-03 08:22:39 +02:00
Jacob Walls
4082a8886e
Fixed #35724 -- Tested migration commands handling of distributed namespace packages.
Also increased coverage of module_loading.py.
2024-09-03 08:07:53 +02:00
Alex Fischer
c6a4f853c7
Fixed #35712 -- Prevented Q.check() from leaving the connection in an unusable state.
Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-09-02 17:00:55 +02:00
sanjeevholla26
387475c5b2
Refs #35706 -- Prefixed 'Error:' to titles of admin pages with form errors.
This improves the screen reader experience.
2024-09-02 15:19:33 +02:00
John Parton
e4a2e22ddb
Fixed #35690 -- Errored nicely when using in_bulk() with a values() or values_list() queryset.
2024-09-02 15:04:52 +02:00
Sarah Boyce
fd1dd76778
Fixed #35716 -- Fixed VariableDoesNotExist when rendering admin fieldsets.
Regression in 01ed59f753.
Thank you to Fábio Domingues and Marijke Luttekes for the report,
and thank you to Natalia Bidart for the review.
2024-08-30 20:49:27 +02:00
Adam Johnson
20d44abb41
Fixed #35700 -- Added AlterModelTable and AlterModelTableComment reductions.
2024-08-30 18:50:12 +02:00
Vaarun Sinha
884ce37479
Fixed #35083 -- Updated method_decorator to handle async methods.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2024-08-30 08:54:49 -03:00
Claude Paroz
2c1f27d0d0
Dropped safeguards against very old versions of gettext.
gettext 0.19 was released in 2014.
2024-08-30 13:39:04 +02:00
SaJH
2ff00251f9
Fixed #35669 -- Improved max post-process passes exceeded error message in HashedFilesMixin.
Signed-off-by: SaJH <wogur981208@gmail.com>
2024-08-30 10:00:51 +02:00
Hisham Mahmood
2b2a2c0e26
Fixed #35702 -- Removed connection pooling note for mysql drivers.
2024-08-30 09:08:32 +02:00
Sarah Boyce
7380ac5734
Fixed #35688 -- Restored timezone and role setters to be PostgreSQL DatabaseWrapper methods.
Following the addition of PostgreSQL connection pool support in
Refs #33497, the methods for configuring the database role and timezone
were moved to module-level functions. This change prevented subclasses
of DatabaseWrapper from overriding these methods as needed, for example,
when creating wrappers for other PostgreSQL-based backends.
Thank you Christian Hardenberg for the report and to
Florian Apolloner and Natalia Bidart for the review.
Regression in fad334e1a9.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-28 19:25:07 -03:00
Adam Johnson
26a67943ac
Removed outdated note about lack of subquery support in MySQL.
2024-08-28 15:55:30 -03:00
Jacob Walls
920efe503f
Fixed typos in docs/howto/initial-data.txt.
2024-08-28 15:24:07 -03:00
Simon Charette
57307bbc7d
Fixed #35666 -- Documented stacklevel usage and testing, and adjusted test suite accordingly.
Over the years we've had multiple instances of hits and misses when
emitting warnings: either setting the wrong stacklevel or not setting
it at all.
This work adds assertions for the existing warnings that were declaring
the correct stacklevel, but were lacking tests for it.
2024-08-28 11:44:05 -03:00
Simon Charette
39abd56a7f
Refs #35405 -- Adjusted deprecation warning stacklevel in FieldCacheMixin.get_cache_name().
2024-08-28 11:44:05 -03:00
Simon Charette
47f18a7226
Refs #35326 -- Adjusted deprecation warning stacklevel in FileSystemStorage.OS_OPEN_FLAGS.
2024-08-28 11:44:05 -03:00
Simon Charette
52ed2b645e
Refs #35060 -- Adjusted deprecation warning stacklevel in Model.save()/asave().
2024-08-28 11:44:05 -03:00
Simon Charette
a69f895d7d
Refs #34547 -- Adjusted deprecation warning stacklevel in DatabaseOperations.field_cast_sql().
2024-08-28 11:44:05 -03:00
Simon Charette
c042fe3a74
Refs #33735 -- Adjusted warning stacklevel in StreamingHttpResponse.__iter__()/__aiter__().
2024-08-28 11:44:05 -03:00
Simon Charette
7e6e1c8383
Refs #32339 -- Adjusted deprecation warning stacklevel in transitional form renderers.
2024-08-28 11:44:05 -03:00
Simon Charette
6bd5d4f705
Refs #22712 -- Adjusted deprecation warning stacklevel in staticfiles finders.
2024-08-28 11:44:05 -03:00
Simon Charette
8ee17037ae
Refs #16055 -- Adjusted deprecation warning stacklevel in get_joining_columns()/get_reverse_joining_columns().
2024-08-28 11:44:05 -03:00
Simon Charette
5e81a4e790
Refs #12581 -- Adjusted warning stacklevel in queries ring buffer.
2024-08-28 11:44:05 -03:00
Mariusz Felisiak
2b9f0b79bc
Fixed typo in docs/ref/models/expressions.txt.
2024-08-28 09:08:16 -03:00
Mariusz Felisiak
fed11ba461
Fixed typo in docs/ref/models/expressions.txt.
2024-08-28 09:08:16 -03:00
Mariusz Felisiak
07a4d23283
Refs #34900 -- Updated requirements for Python 3.13.
2024-08-28 09:02:47 -03:00
Adam Johnson
2b71b2c8dc
Refs #34609 -- Fixed deprecation warning stack level in format_html().
Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-27 15:14:50 -03:00
Natalia
b941de340d
Fixed grammatical error in stub release notes for upcoming security release.
2024-08-27 09:46:12 -03:00
Natalia
67efd42517
Added stub release notes and release date for 5.1.1, 5.0.9, and 4.2.16.
2024-08-27 09:24:15 -03:00
Tim Graham
bc9b6251e0
Added supports_sequence_reset skip in backends tests.
2024-08-26 12:53:08 -03:00
Tim Graham
6a85c888bf
Added supports_select_union skips in queries and aggregation tests.
2024-08-26 12:53:08 -03:00
Maarten Breddels
cdcd604ef8
Fixed #35703 -- Made technical_404_response() respect SCRIPT_NAME to return default_urlconf().
2024-08-23 18:07:47 +02:00
Giovanni Fabbretti
f72bbd4480
Fixed #35689 -- Handled custom labels in LabelCommand.missing_args_message.
2024-08-23 17:26:28 +02:00
Natalia
47b921391f
Removed unnecessary trailing slashes in Sphinx intersphinx_mapping URLs.
2024-08-23 11:15:16 -03:00
David Smith
0304f677ca
Updated Sphinx source_suffix setting to use a mapping.
Since Sphinx 1.8 this setting should be a mapping of file extensions to
file types. Before this change, Sphinx 8+ would show the following when
building docs:
Converting `source_suffix = '.txt'` to `source_suffix = {'.txt': 'restructuredtext'}`
2024-08-23 11:15:16 -03:00
nessita
046a354217
Added helper and refactored PasswordResetFormTest to unify email sending tests.
2024-08-23 11:13:31 -03:00
nessita
7adb6dd98d
Sorted alphabetically forms list in docs/topics/auth/default.txt.
2024-08-22 09:14:11 -03:00
Hisham Mahmood
519087819e
Fixed #35695 -- Ensured FileFields use a storage pointing to a temp directory in model_fields tests.
2024-08-21 08:51:25 -03:00
Marijke Luttekes
ba46b09f31
Updated GitHub PR template headings to level 4.
GitHub pull request descriptions are rendered as a comment. Comment
titles, which include the PR author, render in a h3. Hence, titles
within the comment body should be header level 4. This makes pull
request descriptions more accessible to screen readers.
2024-08-20 12:51:25 +02:00
Sarah Boyce
d9ae7f5b58
Fixed #35686 -- Added table headers to app list tables for screen readers.
2024-08-20 09:05:16 +02:00
nabil-rady
231c0d8593
Fixed #35668 -- Added mapping support to format_html_join.
2024-08-20 08:20:34 +02:00
Clifford Gama
ca1318988c
Fixed #35671 -- Clarified string-based fields behavior when null=False.
2024-08-20 08:09:39 +02:00