Carlton Gibson
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
Carlton Gibson
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
Carlton Gibson
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
Carlton Gibson
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Étienne Beaulé
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
1692f69e37
Refs #30160 -- Doc'd startapp/startproject support for tarfile templates.
2019-07-31 09:46:24 +02:00
Nick Pope
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
daniel a rios
68aeb90160
Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
2019-07-29 09:52:29 +02:00
daniel a rios
fe33fdc049
Refs #30656 -- Reorganized bulk methods in the database optimization docs.
2019-07-29 09:52:29 +02:00
Jon Dufresne
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
Regression in 519016e5f2.
2019-07-27 12:04:56 +02:00
Carlton Gibson
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
Jon Dufresne
5ed20b3aa3
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Tom Forbes
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
terminator14
8323691de0
Fixed typo in docs/topics/http/sessions.txt.
2019-07-23 15:10:58 +02:00
Tom Forbes
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
Mariusz Felisiak
fc1182af01
Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
Thanks Carlton Gibson for the review.
2019-07-19 16:06:05 +02:00
Mariusz Felisiak
a2e1c17f19
Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
2019-07-19 16:06:05 +02:00
Davit Gachechiladze
7f612eda80
Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
2019-07-18 18:40:40 +02:00
Mariusz Felisiak
230d75f59c
Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
2019-07-18 12:56:25 +02:00
Mads Jensen
a3417282ac
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mads Jensen
7174cf0b00
Refs #29824 -- Added RangeOperators helper class.
2019-07-16 16:57:46 +02:00
Mariusz Felisiak
ad4e83a6d1
Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
2019-07-16 15:08:14 +02:00
Frank Wiles
fa65b90a96
Updated WSGI servers ordering according to the more commonly used.
2019-07-16 14:43:59 +02:00
Frank Wiles
c1b94e32fb
Fixed explanation of how to automatically create tables in database.
2019-07-15 11:04:30 +02:00
Hasan Ramezani
8dd5877f58
Doc'd --no-input option for createsuperuser.
2019-07-11 10:25:39 +02:00
Johannes Hoppe
00d4e6f8b5
Updated Select2 to version 4.0.7.
2019-07-10 12:31:16 +02:00
Mariusz Felisiak
7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.
Regression in 6b048b364c.
2019-07-10 10:33:36 +02:00
Simon Charette
ee6e93ec87
Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9.
2019-07-10 07:46:08 +02:00
Mariusz Felisiak
24e8f7f7d3
Fixed typos in docs/ref/django-admin.txt.
2019-07-09 13:38:11 +02:00
Mariusz Felisiak
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
can
febe136d4c
Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints.
2019-07-08 14:57:56 +02:00
Johannes Hoppe
bc91f27a86
Refs #29444 -- Added support for fetching returned non-integer insert values on Oracle.
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
Nuno
34a88b21da
Fixed #30620 -- Made an example of admin-compliant custom user app pep8 compliant.
2019-07-08 07:39:28 +02:00
can
53209f7830
Fixed #30613 -- Moved index name validation to system checks.
2019-07-05 09:30:21 +02:00
sp1rs
f197c3dd91
Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match.
2019-07-04 13:14:51 +02:00
luto
d37ea5f09b
Fixed #28581 -- Moved django.core.paginator documentation to API Reference.
Co-Authored-By: Arman <armansabyrov@gmail.com>
2019-07-04 11:04:39 +02:00
luto
93b611c797
Refs #28581 -- Doc'd how to paginate a ListView.
2019-07-04 11:04:31 +02:00
swatantra
c13e3715f5
Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model.
2019-07-04 08:05:20 +02:00
Hasan Ramezani
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
Carlton Gibson
4b32d039db
Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.
Equivalent note for PermissionsMixin was added in d33864ed13.
2019-07-02 11:20:53 +02:00
Min ho Kim
fbb83fefd4
Fixed typos in comments and docs.
2019-07-02 09:36:17 +02:00
aitoehigie
c2f381ef17
Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes.
2019-07-01 11:39:31 +02:00
Mariusz Felisiak
868cd56f05
Added CVE-2019-12781 to the security release archive.
2019-07-01 10:14:36 +02:00
Mariusz Felisiak
fc41401f33
Added release date for 2.2.3.
2019-07-01 07:48:45 +02:00
Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00