test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
30,148 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

10 Commits

Author SHA1 Message Date
Florian Apolloner e1592e0f26 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:10:14 +01:00
Florian Apolloner 2a8ec7f546 [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Florian Apolloner df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Carlton Gibson c9ec72ea1b [4.0.x] Added stub release notes for 4.0.1, 3.2.11, and 2.2.26 releases. 
Backport of b13d920b7b from main.
 2021-12-28 10:08:54 +01:00
Brenton Partridge b85ceaaba6 [4.0.x] Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64. 
Backport of 19fb838803 from main
 2021-12-21 13:36:08 +01:00
Simon Charette 7e6a2e3b45 [4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector. 
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.

This likely slipped under the radar for so long and only regressed in
b9df2b74b9 because prior to the changes
related to the usage of model states instead of rendered models in the
auto-detector the exact value settings value was never going through a
case folding hoop.

Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.

Backport of 4328970780 from main
 2021-12-17 10:00:33 +01:00
Mariusz Felisiak c1d2e8b9b8 [4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed HttpRequest. 
Regression in 3fd82a6241.

Thanks Terence Honles for the report.
Backport of 40165eecc4 from main
 2021-12-16 20:14:17 +01:00
Jeremy Lainé 3b03bce122 [4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans. 
Backport of 2f33217ea2 from main
 2021-12-14 08:46:16 +01:00
Baptiste Mispelon 15031852c5 [4.0.x] Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a formset named "form". 
Thanks OutOfFocus4 for the report.

Regression in 456466d932.

Backport of cb383753c0 from main.
 2021-12-08 21:13:00 +01:00
Mariusz Felisiak 81a90b5bc3 [4.0.x] Added stub release notes for 4.0.1. 
Backport of adef3d975e from main
 2021-12-07 10:42:26 +01:00