cb2be9d5d5
Refs #29546 -- Removed django.utils.timezone.FixedOffset per deprecation timeline.
2019-09-10 12:01:00 +02:00
3d716467a9
Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline.
2019-09-10 12:01:00 +02:00
b47bb4c4a7
Refs #29598 -- Removed FloatRangeField per deprecation timeline.
2019-09-10 12:01:00 +02:00
32796826bb
Added stub release notes for 3.1.
2019-09-10 12:00:56 +02:00
34decdebf1
Fixed #30754 -- Prevented inclusion of aliases in partial index conditions.
...
SQLite doesn't repoint table aliases in partial index conditions on table
rename which breaks the documented table alteration procedure.
Thanks Pēteris Caune for the report.
2019-09-10 10:03:16 +02:00
a624803514
Finalised release notes for 3.0 alpha release.
...
* Removed empty sections
* Corrected some typos and wrapping errors.
2019-09-10 09:58:42 +02:00
b1d37fea8f
Fixed #28107 -- Added DatabaseFeatures.allows_group_by_selected_pks_on_model() to allow enabling optimization for unmanaged models.
2019-09-09 14:04:46 +02:00
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
1edbb6c194
Refs #30426 -- Moved release notes into separate security section.
2019-09-09 13:35:31 +02:00
7254f1138d
Refs #29444 -- Allowed returning multiple fields from INSERT statements on PostgreSQL.
...
Thanks Florian Apolloner, Tim Graham, Simon Charette, Nick Pope, and
Mariusz Felisiak for reviews.
2019-09-09 10:51:14 +02:00
05d0eca635
Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.
2019-09-09 08:15:26 +02:00
350123f38c
Moved release note for refs #30158 from deprecated to backwards incompatible changes.
2019-09-05 15:56:52 +02:00
e2c6a0858d
Fixed #30750 -- Added support for check constraints on MySQL 8.0.16+.
2019-09-05 09:18:34 +02:00
72ebe85a26
Fixed #27910 -- Added enumeration helpers for use in Field.choices.
...
These classes can serve as a base class for user enums, supporting
translatable human-readable names, or names automatically inferred
from the enum member name.
Additional properties make it easy to access the list of names, values
and display labels.
Thanks to the following for ideas and reviews:
Carlton Gibson, Fran Hrženjak, Ian Foote, Mariusz Felisiak, Shai Berger.
Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-09-04 14:42:49 +02:00
25706d7285
Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler.
2019-09-04 08:40:46 +02:00
0d4529d314
Added stub release notes for 2.2.6.
2019-09-04 08:02:32 +02:00
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
47f49adc11
Added release dates for 2.2.5, 2.1.12, and 1.11.24.
2019-09-02 07:43:51 +02:00
0545781764
Fixed #30736 -- Added Storage.get_alternative_name() to allow customization.
2019-08-30 11:32:19 +02:00
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
4137fc2efc
Fixed #25367 -- Allowed boolean expressions in QuerySet.filter() and exclude().
...
This allows using expressions that have an output_field that is a
BooleanField to be used directly in a queryset filters, or in the
When() clauses of a Case() expression.
Thanks Josh Smeaton, Tim Graham, Simon Charette, Mariusz Felisiak, and
Adam Johnson for reviews.
Co-Authored-By: NyanKiyoshi <hello@vanille.bid>
2019-08-29 09:45:29 +02:00
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
06372a8d27
Fixed #30507 -- Updated admin's jQuery to 3.4.1.
2019-08-23 11:00:16 +02:00
85ac838d9e
Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL.
...
Thanks to Simon Charettes for review.
Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-21 13:10:06 +02:00
9a88e43aeb
Fixed broken links and redirects in documentation.
...
Removed reference to custom builds, feature removed in
8e6b3bba99
2019-08-21 10:57:24 +02:00
21e559495b
Fixed #29979 , Refs #17337 -- Extracted AutoField field logic into a mixin and refactored AutoFields.
...
This reduces duplication by allowing AutoField, BigAutoField and
SmallAutoField to inherit from IntegerField, BigIntegerField and
SmallIntegerField respectively. Doing so also allows for enabling the
max_length warning check and minimum/maximum value validation for auto
fields, as well as providing a mixin that can be used for other possible
future auto field types such as a theoretical UUIDAutoField.
2019-08-20 09:22:25 +02:00
d1c2e6dd04
Refs #28428 -- Made FileField.upload_to support pathlib.Path.
2019-08-18 20:34:58 +02:00
0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
6805c0f99f
Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231.
2019-08-16 15:25:42 +02:00
00035672a4
Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering.
...
Regression in 6d4e5feb79
2019-08-15 10:29:05 +02:00
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
2019-08-14 15:25:35 +02:00
eed2e740f7
Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
...
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
8d3519071e
Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning.
2019-08-08 21:14:06 +02:00
052388aba4
Fixed #30676 -- Added --pdb option to test runner.
2019-08-07 08:16:31 +02:00
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
...
Regression in 519016e5f2
2019-07-27 12:04:56 +02:00
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
5ed20b3aa3
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
...
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
a3417282ac
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
...
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
7174cf0b00
Refs #29824 -- Added RangeOperators helper class.
2019-07-16 16:57:46 +02:00
00d4e6f8b5
Updated Select2 to version 4.0.7.
2019-07-10 12:31:16 +02:00
7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.
Regression in 6b048b364c
2019-07-10 10:33:36 +02:00
ee6e93ec87
Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9
2019-07-10 07:46:08 +02:00
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
febe136d4c
Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints.
2019-07-08 14:57:56 +02:00
bc91f27a86
Refs #29444 -- Added support for fetching a returned non-integer insert values on Oracle.
...
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
868cd56f05
Added CVE-2019-12781 to the security release archive.
2019-07-01 10:14:36 +02:00
fc41401f33
Added release date for 2.2.3.
2019-07-01 07:48:45 +02:00
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
30b3ee9d0b
Added stub release notes for security releases.
2019-07-01 06:57:27 +02:00
d54baf6970
Updated translations from Transifex
...
Forward port of b3f7262e6e
2019-06-29 16:17:16 +02:00
a289e79679
Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator.
2019-06-26 09:25:24 +02:00
8454f6dea4
Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
2019-06-26 06:44:10 +02:00
87b1ad6e73
Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ManyToManyField.
2019-06-21 15:03:17 +02:00
2ef6f209f7
Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 07:07:23 +02:00
a415ce70be
Fixed #30451 -- Added ASGI handler and coroutine-safety.
...
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
87f5d07eed
Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names.
2019-06-14 18:20:29 +02:00
fde9b7d35e
Fixed #30128 -- Fixed handling timedelta timezone in database functions.
2019-06-13 09:29:43 +02:00
9e38ed0536
Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
...
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692 .
For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.
For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
4b6dfe1622
Fixed #30542 -- Fixed crash of numerical aggregations with filter.
...
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.
Thanks to Chuan-Zheng Lee for the report.
Regression in c690afb873
2019-06-05 08:06:26 +02:00
1f81e2df69
Added stub release notes for 2.2.3.
2019-06-05 06:57:44 +02:00
21b1d23912
Added CVE-2019-12308 to the security release archive.
2019-06-03 21:44:55 +02:00
8fb0ea5583
Added CVE-2019-11358 to the security release archive.
2019-06-03 21:44:55 +02:00
100ec901ae
Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
2019-06-03 14:08:51 +02:00
34ec52269a
Applied jQuery patch for CVE-2019-11358.
2019-06-03 11:36:12 +02:00
deeba6d920
Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
2019-06-03 11:36:12 +02:00
98c0fe19ee
Added stub release notes for security releases.
2019-06-03 10:48:52 +02:00
e2de49ec2e
Fixed #28520 -- Added --start-at/--start-after options to runtests.py.
2019-05-31 07:01:12 +02:00
480492fe70
Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader.
...
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.
If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.
Regression in 6754bffa2b
2019-05-29 09:41:24 +02:00
0344565179
Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature.
...
Regression in c8720e7696
2019-05-29 08:08:50 +02:00
a3f91891d2
Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when used in Subquery.
2019-05-28 10:05:50 +02:00
b2790f74d4
Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader.
...
Regression in c8720e7696
2019-05-28 08:31:33 +02:00
b6c4766f53
Refs #29548 -- Updated docs for MariaDB support.
2019-05-27 19:59:49 +02:00
0670b1b403
Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.
2019-05-24 17:15:34 +02:00
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
9d6f981a66
Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age().
2019-05-21 08:50:09 +02:00
df28ebd6c8
Fixed typo in docs/releases/3.0.txt.
2019-05-21 08:21:35 +02:00
c38e7a79f4
Fixed #30488 -- Removed redundant Coalesce call in SQL generated by SearchVector.
...
Regression in 405c836336
2019-05-20 08:34:06 +02:00
04042b2b44
Fixed #30463 -- Fixed crash of deprecation message when Meta.ordering contains expressions.
...
Regression in 1b1f64ee5a
2019-05-18 19:29:00 +02:00
8d010f3986
Fixed #30220 -- Added support for headless mode in selenium tests.
2019-05-17 08:14:54 +02:00
e286987a27
Fixed #30459 -- Delegated hide/show JS toggle to parent div.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2019-05-17 07:46:45 +02:00
a3a4f5c144
Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores.
2019-05-09 16:26:52 +02:00
48235ba807
Refs #30399 -- Made assertHTMLEqual normalize character and entity references.
2019-05-09 15:55:32 +02:00
Mariusz Felisiak
Simon Charette
Carlton Gibson
Vojtech Bocek
Nick Pope
Johannes Hoppe
Claude Paroz
Shai Berger
Nasir Hussain
yukihira1992
Berker Peksag
Matthew Schinckel
Hasan Ramezani
Dulmandakh
Mads Jensen
François Freitag
Adnan Umer
zeyneloz
Andrew Godwin
Florian Apolloner
Étienne Beaulé
Jon Dufresne
Tom Forbes
Simon Charette
can
nsasaki128
Nadège Michel
Sanyam Khurana
Tobias Bengfort
Caio Ariede
Johan Lübcke
Rob
Thomasina Lee
ruchit2801
Troon