Takayuki Hirayama
0393b9262d
Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
...
Regression in 981a072dd4
.
Thanks pirelle for the report.
2021-06-04 07:23:16 +02:00
Mariusz Felisiak
d9cee3f5f2
Fixed docs header underlines in security archive.
2021-06-02 12:16:38 +02:00
Carlton Gibson
ba10772bf6
Added stub release notes for Django 3.2.5.
2021-06-02 11:25:32 +02:00
Carlton Gibson
a39f235ca4
Added CVE-2021-33203 and CVE-2021-33571 to security archive.
2021-06-02 11:15:54 +02:00
Mariusz Felisiak
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner
46572de2e9
Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:58:39 +02:00
Carlton Gibson
f66ae7a2d5
Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-06-02 10:19:19 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
.
Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal
a0410ffe8f
Refs #32552 -- Added DiscoverRunner.log() to allow customization.
...
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Gildardo Adrian Maravilla Jacome
91e21836f6
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
2021-05-31 11:09:48 +02:00
David Wobrock
b9df2b74b9
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
...
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg
b746596f5f
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
2021-05-28 10:50:27 +02:00
Mohammadreza Varasteh
e93eb3d971
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
2021-05-27 21:05:28 +02:00
Nick Pope
e513fb0e77
Fixed typo in MiddlewareMixin deprecation note.
2021-05-27 06:17:30 +02:00
Mariusz Felisiak
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c5
.
Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani
1143f3bb5e
Fixed #32543 -- Added search_help_text to ModelAdmin.
2021-05-26 10:20:13 +02:00
Carlton Gibson
b46dbd4e3e
Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-05-26 10:16:05 +02:00
Hasan Ramezani
68357b2ca9
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
2021-05-26 09:41:29 +02:00
Rohith PR
7cca22964c
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
...
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Mariusz Felisiak
66491f08fe
Changed IRC references to Libera.Chat.
2021-05-20 12:23:36 +02:00
David Sanders
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
Carlton Gibson
c2e6047c72
Fixed #32740 -- Caught possible exception when initializing colorama.
2021-05-19 10:33:15 +02:00
Claude Paroz
8cd55021bc
Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
...
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak
958cdf65ae
Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4
.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev
a24fed399c
Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
...
Regression in b5e12d490a
.
2021-05-18 13:02:33 +02:00
Slava Skvortsov
f7691d4812
Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
...
Regression in ba31b01034
.
2021-05-18 09:14:05 +02:00
Nick Pope
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00
Nick Pope
7c4ee487c7
Refs #32720 -- Fixed some broken links in docs.
2021-05-17 09:22:17 +02:00
Nick Pope
1c3bbcf802
Refs #32720 -- Used full hashes in security archive.
2021-05-17 08:27:46 +02:00
Mariusz Felisiak
df5c96299a
Corrected commit hashes for security patches.
2021-05-17 08:26:06 +02:00
Nick Pope
8c4caee76a
Refs #32720 -- Used :commit: and :source: role in old release notes.
2021-05-17 07:36:57 +02:00
Mariusz Felisiak
820408d842
Added stub release notes for Django 3.2.4.
2021-05-13 09:42:26 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
.
2021-05-13 08:53:44 +02:00
Simon Charette
b81c7562fc
Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
...
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc
.
Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso
3733ae8957
Fixed #32031 -- Added model class for each model to AdminSite.each_context().
2021-05-13 06:57:09 +02:00
Nick Pope
29e4ccb1a2
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
2021-05-12 14:42:17 +02:00
Nick Pope
1061f52436
Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
...
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Mariusz Felisiak
d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes.
2021-05-12 10:42:01 +02:00
Jordi Castells
205c36b58f
Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.
2021-05-07 20:03:46 +02:00
Hasan Ramezani
028f10fac6
Fixed #32712 -- Deprecated django.utils.baseconv module.
2021-05-07 11:57:40 +02:00
Mariusz Felisiak
29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
Mariusz Felisiak
efebcc429f
Added CVE-2021-32052 to security archive.
2021-05-06 09:58:24 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Simon Charette
96f55ccf79
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b6594305
.
Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Carlton Gibson
62b2e8b37e
Added commits for CVE-2021-31542 to security archive.
2021-05-04 11:09:21 +02:00
Carlton Gibson
607ebbfba9
Added CVE-2021-31542 to security archive.
2021-05-04 11:06:07 +02:00
Carlton Gibson
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
Hasan Ramezani
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00