4f5b58f5cd
[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-29 11:06:54 +02:00
e34f3c0e9e
[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:06:54 +02:00
c3289717c6
[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:00:01 +02:00
f9462f4c82
[2.2.x] Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
...
Backport of 68aeb90160
2019-07-29 10:10:00 +02:00
b4139ed6ea
[2.2.x] Refs #30656 -- Reorganized bulk methods in the database optimization docs.
...
Backport of fe33fdc049
2019-07-29 10:09:53 +02:00
ea57c8a345
[2.2.x] Added stub release notes for security releases.
...
Backport of f13147c8de
2019-07-25 10:50:18 +02:00
4d6449e125
[2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
...
Backport of fc75694257
2019-07-24 14:38:24 +02:00
61d4a15989
[2.2.x] Fixed typo in docs/topics/http/sessions.txt.
...
Backport of 8323691de0
2019-07-23 15:11:54 +02:00
2d2859bec2
[2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
...
Backport of 2ff517ccb6
2019-07-23 10:41:50 +02:00
506f800ead
[2.2.x] Refs #30083 -- Added a warning about performing queries in pre/post_init receivers.
...
Thanks Carlton Gibson the review.
Backport of fc1182af01
2019-07-19 16:07:29 +02:00
fa3ae446d9
[2.2.x] Refs #30083 -- Clarified database state of instances in signals.pre_init docs.
...
Backport of a2e1c17f19
2019-07-19 16:07:21 +02:00
de2635fb4e
[2.2.x] Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs.
...
Backport of 7f612eda80
2019-07-18 19:47:53 +02:00
0088e59292
[2.2.x] Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation.
...
Backport of 230d75f59c
2019-07-18 12:56:52 +02:00
4814db40c1
[2.2.x] Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.
...
Backport of ad4e83a6d1
2019-07-16 15:08:40 +02:00
d58cde7444
[2.2.x] Updated WSGI servers ordering according to the more commonly used.
...
Backport of fa65b90a96
2019-07-16 14:44:29 +02:00
de19a600f0
[2.2.x] Fixed explanation of how to automatically create tables in database.
...
Backport of c1b94e32fb
2019-07-15 15:24:44 +02:00
a39365c48e
[2.2.x] Doc'd --no-input option for createsuperuser.
...
Backport of 8dd5877f58
2019-07-11 10:26:16 +02:00
1088a9777d
[2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.
Regression in 6b048b364c7991111af1
2019-07-10 10:34:49 +02:00
9dee8515d6
[2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9ee6e93ec87
2019-07-10 08:04:45 +02:00
8f0b9e7f9a
[2.2.x] Fixed typos in docs/ref/django-admin.txt.
...
Backport of 24e8f7f7d3
2019-07-09 13:39:35 +02:00
b593c39d7f
[2.2.x] Added stub release notes for 2.2.4.
...
Backport of 08e69cad9c
2019-07-09 07:45:27 +02:00
0ea952e3d6
[2.2.x] Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match.
...
Backport of f197c3dd91
2019-07-04 13:36:10 +02:00
7d52d056e3
[2.2.x] Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model.
...
Backport of c13e3715f5
2019-07-04 08:22:56 +02:00
b6d8957356
[2.2.x] Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.
...
Equivalent note for PermissionsMixin was added in d33864ed134b32d039db
2019-07-02 11:21:46 +02:00
b9d1bb6955
[2.2.x] Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes.
...
Backport of c2f381ef17
2019-07-01 12:03:56 +02:00
2b533ae60e
[2.2.x] Added CVE-2019-12781 to the security release archive.
...
Backport of 868cd56f05
2019-07-01 10:21:16 +02:00
5d39f62f7e
[2.2.x] Post-release version bump.
2019-07-01 08:21:52 +02:00
89e9a4aeb6
[2.2.x] Bumped version for 2.2.3 release.
2019-07-01 07:55:16 +02:00
93e719efdb
[2.2.x] Updated man page for Django 2.2.
2019-07-01 07:54:32 +02:00
4f2713ff0e
[2.2.x] Added release date for 2.2.3.
...
Backport of fc41401f33
2019-07-01 07:51:53 +02:00
77706a3e47
[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f
2019-07-01 07:50:48 +02:00
db9f7b44fc
[2.2.x] Added stub release notes for security releases.
...
Backport of 30b3ee9d0b
2019-07-01 07:03:03 +02:00
395cf7c375
[2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
...
Backport of 4305fbe8b1
2019-06-30 19:46:40 +02:00
b3f7262e6e
[2.2.x] Updated translations from Transifex
2019-06-29 16:15:53 +02:00
bdc1de2199
[2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
...
Backport of 8454f6dea4
2019-06-26 06:44:57 +02:00
04965bf92d
[2.2.x] Fixed typo in docs/topics/db/models.txt.
...
Backport of 833878411c
2019-06-24 09:05:15 +02:00
f3b036593f
[2.2.x] Fixed typo in docs/ref/models/indexes.txt.
...
Backport of 2f91e7832f
2019-06-24 09:01:12 +02:00
3b2701e4f2
[2.2.x] Removed unneeded non-breaking spaces added in 00169bc36
...
Backport of 8590726a5d
2019-06-22 10:28:26 +02:00
2525785880
[2.2.x] Bumped minimum ESLint version to 4.18.2.
...
Backport of ad7b438002
2019-06-21 18:00:32 +02:00
e6b2471ce7
[2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
...
Backport of 2ef6f209f7
2019-06-21 07:10:32 +02:00
d200069b15
[2.2.x] Refs #30565 -- Doc'd HttpResponse.close() method.
...
Backport of 533311782f
2019-06-20 11:49:52 +02:00
c3a0f76d11
[2.2.x] Fixed #30547 -- Doc'd how Meta.constraints affect model validation.
...
Backport of 00169bc361
2019-06-20 10:45:20 +02:00
c3a9d3050c
[2.2.x] Fixed typos in signals and custom management commands docs.
...
Backport of a7038adbd0
2019-06-19 08:41:51 +02:00
1ce04289f1
[2.2.x] Fixed typos and example in signals.pre_init docs.
...
Backport of 036362e0cf
2019-06-18 15:09:07 +02:00
26c1214364
[2.2.x] Fixed an example of email with display name in EmailMessage.from_email.
...
Backport of 0c2ffdd526
2019-06-13 18:00:28 +02:00
13e6040fd4
[2.2.x] Fixed intword example in docs/ref/contrib/humanize.txt.
...
Backport of 175656e166
2019-06-11 22:12:24 +02:00
36766e1a28
[2.2.x] Fixed #30486 -- Fixed the default value of Aggregate.distinct and updated example of custom aggregate functions.
...
Backport of 76b3fc5c8d
2019-06-11 12:02:02 +02:00
d5d22e1090
[2.2.x] Changed charset and collation link to MySQL docs.
...
Backport of f3a03d5b61
2019-06-11 11:17:23 +02:00
430f7e9dac
[2.2.x] Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
...
Backport of 5ab75adb90
2019-06-10 16:57:50 +02:00
6dca336167
[2.2.x] Fixed #30553 -- Clarified the default value of disable_existing_loggers.
...
Backport of 03cd3d137e
2019-06-10 15:18:40 +02:00
Mariusz Felisiak
Florian Apolloner
daniel a rios
Carlton Gibson
Tom Forbes
terminator14
Davit Gachechiladze
Frank Wiles
Hasan Ramezani
Simon Charette
sp1rs
swatantra
aitoehigie
Claude Paroz
Meysam
Alexey Opalev
Markus Holtermann
Jon Dufresne
Chris Jerdonek
Joachim Jablon
Vyacheslav Ver
Mykola Nicholas