Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
27,779 Commits 26 Branches 382 Tags
Commit Graph

11660 Commits

Author SHA1 Message Date
Mariusz Felisiak
2a04e24d2d [3.0.x] Added CVE-2021-28658 to security archive. 
Backport of 1eac8468cbde790fecb51dd055a439f4947d01e9 from main
 2021-04-06 09:47:14 +02:00
Mariusz Felisiak
e7fba62248 [3.0.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
 2021-04-06 08:33:16 +02:00
Carlton Gibson
232d5f61e6 [3.0.x] Added CVE-2021-23336 to security archive. 
Backport of ab58f072502e86dfe21b2bd5cccdc5e94dce8d26 from master
 2021-02-19 11:06:46 +01:00
Nick Pope
326a926bee [3.0.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). 2021-02-18 10:21:04 +01:00
Nick Pope
ad36388406 [3.0.x] Added documentation extlink for bugs.python.org. 
Backport of d02d60eb0f032c9395199fb73c6cd29ee9bb2646 from master
 2021-02-17 14:27:36 +01:00
Mariusz Felisiak
0194f0be31 [3.0.x] Added CVE-2021-3281 to security archive. 
Backport of f749148d62ece28d208ab66b109f858215ba090a from master
 2021-02-01 10:46:46 +01:00
Mariusz Felisiak
52e409ed17 [3.0.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
 2021-02-01 09:14:22 +01:00
Tim Graham
f13bedf102 [3.0.x] Updated CVE URL. 
Backport of 656b331b13e08e82bbf0b88d39080c5b1a02109c from master
 2021-01-02 12:50:30 +01:00
Carlton Gibson
c3b8a62f63 [3.0.x] Set release date for 3.0.11 and 2.2.17. 
Backport of 7fc07b9b2ba0c5c62a8840325d21b414a099fda0 from master
 2020-11-02 08:37:54 +01:00
Christian Klus
b0a6798de5 [3.0.x] Fixed #32152 -- Fixed grouping by subquery aliases. 
Regression in 42c08ee46539ef44f8658ebb1cbefb408e0d03fe.

Thanks Simon Charette for the review.

Backport of 4ac2d4fa42e1659f328c35b6b8d4761b3419c11a from master
 2020-10-29 11:33:52 +01:00
Claude Paroz
72a17c919b [3.0.x] Fixed #32110 -- Doc'd and tested enumerations for ChoiceField.choices. 
Backport of 7f85498eef1d8fcc52e4fb70df8041f5452d405a from master
 2020-10-17 21:06:57 +02:00
Mariusz Felisiak
301bca9394 [3.0.x] Refs #31040 -- Doc'd Python 3.9 compatibility. 
Backport of e18156b6c35908f2a4026287b5225a6a4da8af1a from master.
 2020-10-13 08:40:39 +02:00
Mariusz Felisiak
9deb850e23 [3.0.x] Skipped GetImageDimensionsTests.test_webp when WEBP is not installed. 
Bumped minimum Pillow version to 4.2.0 in test requirements.

Backport of fce389af7cf95151118c9fc7cafd777a31f94946 from master
 2020-10-06 11:30:21 +02:00
Carlton Gibson
1734484f12 [3.0.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive. 
Backport of d5b526bf78a9e5d9760e0c0f7647622bf47782fe from master
 2020-09-01 11:38:46 +02:00
Carlton Gibson
79e6eb3853 [3.0.x] Added release date for 3.0.10, and 2.2.16. 
Backport of 976e2b7420c0f7e3060a13792b97511a9aad31d7 from master
 2020-09-01 09:58:40 +02:00
Mariusz Felisiak
cdb367c92a [3.0.x] Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+. 
Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
 2020-08-25 10:45:33 +02:00
Mariusz Felisiak
08892bffd2 [3.0.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+. 
Thanks WhiteSage for the report.

Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
 2020-08-25 10:43:50 +02:00
Kaustubh
db8b935730 [3.0.x] Fixed #31925 -- Fixed typo in docs/releases/3.0.txt. 
Backport of 3e753d3de33469493b1f0947a2e0152c4000ed40 from master
 2020-08-21 09:49:13 +02:00
Mariusz Felisiak
ab5491c7cc [3.0.x] Refs #31863 -- Added release notes for 94ea79be137f3cb30949bf82198e96e094f2650d. 
Backport of 21768a99f47ee73a2f93405151550ef7c3d9c8a2 from master
 2020-08-13 16:31:27 +02:00
Daniel Hillier
784ed4ada1 [3.0.x] Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()). 
Backport of 60626162f76f26d32a38d18151700cb041201fb3 from master
 2020-08-11 12:31:50 +02:00
Mariusz Felisiak
9f74a24803 [3.0.x] Added stub release notes for 2.2.16 and 3.0.10. 
Backport of 8a5683b6b2aede38edcff070686ed1fce470dec5 from master
 2020-08-11 11:13:20 +02:00
Mariusz Felisiak
b1ae5d015b [3.0.x] Added release date for 2.2.15 and 3.0.9. 
Backport of b68b8cb89abb35ff2152175ea540619ec384b1f4 from master
 2020-08-03 08:56:37 +02:00
Mariusz Felisiak
d70ed9439d [3.0.x] Corrected signing.dumps()/loads() signatures in docs. 
Backport of 8703680ebee47bfa9e912a30a0509798500bf42a from master
 2020-07-31 11:34:32 +02:00
Andrzej Bartosiński
8f8d4b3d52 [3.0.x] Corrected admin.register() signature in docs. 
Backport of eb215da363e6cf0e8f3405db3c4392398c8777cb from master
 2020-07-29 12:55:00 +02:00
Claude Paroz
e0397e11b5 [3.0.x] Refs #30165 -- Removed leftover 'u' prefix. 
Backport of bac5777bff8e8d8189193438b5af52f158a3f2a4 from master
 2020-07-29 10:20:44 +02:00
Harpreet Sharma
08063f0122 [3.0.x] Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs. 
Follow up to 22aab8662f0368b63f91f2526bdd0532524bc0fe

Backport of 248d03fbe932b0844c628e56dafba334f9e028e4 from master
 2020-07-23 21:01:10 +02:00
LincolnPuzey
6fc4445cff [3.0.x] Fixed #31816 -- Corrected the expected content type in StreamingHttpResponse docs. 
Backport of d75436109694c286d9af48ae94ca39759d080214 from master
 2020-07-23 13:13:44 +02:00
Ramiro Morales
b732afe30a [3.0.x] Fixed typo in docs/ref/models/querysets.txt. 
Backport of 51e536178cba9489b9d759f69f72f442af16ba32 from master
 2020-07-22 23:37:44 +02:00
Buk Bukowski
f4b7996e9b [3.0.x] Fixed #31814 -- Fixed typo in docs/ref/settings.txt. 
Backport of f65454801bfa13fc043fee0aca8f49af41380683 from master
 2020-07-22 22:39:55 +02:00
Adam Johnson
76b7b3a778 [3.0.x] Doc'd Model.MultipleObjectsReturned docs and improved documentation related with models exceptions. 
Backport of bc4fea92b296a7eacbd5f89263ca67515feeb53f from master
 2020-07-22 20:22:09 +02:00
Adam Johnson
f026d761d6 [3.0.x] Refs #24763 -- Moved DoesNotExist to Model class docs. 
Backport of b5f0efa19c82d274082bcde8a8acae5038667614 from master
 2020-07-22 20:22:06 +02:00
David Chorpash
0a3c1272f2 [3.0.x] Refs #31720 -- Added examples to BoolAnd() and BoolOr() documentation. 
Backport of a2e621b14e85836362b7fc0e6b1bf7d7ff98e42b from master
 2020-07-21 07:02:29 +02:00
Adam Johnson
bcb511f9d8 [3.0.x] Improved description of USE_THOUSAND_SEPARATOR setting. 
Backport of 80f92177eb2a175579f4a6907ef5a358863bddca from master
 2020-07-20 12:56:11 +02:00
Florian Apolloner
ccc088f8ce [3.0.x] Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+. 
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.

Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.

See https://bugs.python.org/issue39073

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 from master
 2020-07-20 07:15:14 +02:00
Adam Johnson
5bd7c18306 [3.0.x] Improved ManyToManyField.through docs. 
Backport of e7fa8aff432a90b6df9914d63aad239164b6b4d4 from master
 2020-07-17 10:48:32 +02:00
Adam Johnson
051e6f58ea [3.0.x] Refs #31502 -- Made minor edits to Model._state docs. 
Backport of 5ef6f626347f9ea13915f3cf5b8b045c5b42b102 from master
 2020-07-16 21:12:33 +02:00
Mariusz Felisiak
331324ecce
[3.0.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie(). 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.

Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master.
 2020-07-16 09:30:15 +02:00
Eric Theise
419a78300f [3.0.x] Fixed typo in docs/ref/contrib/postgres/forms.txt. 
Backport of d08e6f55e3a986a8d4b3a58431d9615c7bc81eaa from master
 2020-07-15 09:05:04 +02:00
Caio Ariede
96b04f53c5 [3.0.x] Fixed #21528 -- Added note about filtering form field's queryset based on instance to admin docs. 
Backport of d38c34119e91a533c797098f150abe99b5ee2fd8 from master
 2020-07-13 23:02:51 +02:00
Mariusz Felisiak
b44e2d62c0 [3.0.x] Refs #30676 -- Added pdb argument to DiscoverRunner docs. 
Backport of 2c43840dfba42ed02574a270d826fda08e4b50d1 from master
 2020-07-10 19:10:28 +02:00
Ramiro Morales
7808a04fe5 [3.0.x] Corrected custom model fields how-to. 
get_prep_value() method is complementary of from_db_value().

Follow up to e9103402c0fa873aea58a6a11dba510cd308cb84.

Backport of 52a0a03671437fc4c1be1eef431685a16aef8b43 from master
 2020-07-10 11:38:26 +02:00
Carlton Gibson
bb47c1dde4 [3.0.x] Removed unsupported third-party database backends from docs. 
Backport of 1d8256719eecb724476e6cb8d63cfebf6ba1a3cc from master
 2020-07-08 22:30:51 +02:00
Tim Park
502349ce77 [3.0.x] Fixed #31739 -- Documented dependency between HttpRequest stream IO methods and body. 
Backport of 060576b0abac460d72714e300aa709d1e7a87dd7 from master
 2020-07-08 10:41:57 +02:00
Tim Park
b66588abe2 [3.0.x] Fixed #31502 -- Documented Model._state.db and Model._state.adding 
Backport of 697e59d5cf81e6c7e4a06ca98d6e3e16cea486dc from master
 2020-07-08 10:07:23 +02:00
Jason Held
3ca2361d70 [3.0.x] Fixed #24816 -- Clarified docs about preventing duplicate signals. 
Backport of 639142e24d41c5e5a508cb1280f32fd7ff159cca from master
 2020-07-08 08:26:15 +02:00
Jacob Walls
9141841cca [3.0.x] Fixed #29308 -- Clarified how assertQuerysetEqual()'s transform works. 
Backport of 659a73bc0a2df9be856e23fcfc6cc66d0d1a35fd from master
 2020-07-08 08:26:11 +02:00
David Smith
8f750bc295 [3.0.x] Fixed #30945 -- Doc'd plural equations changes in 2.2. release notes. 
Backport of 392036be29b759204cbc4033072672acacabf3f7 from master
 2020-07-03 09:39:23 +02:00
Carlton Gibson
9e4f55757d [3.0.x] Refs #6903 -- Adjusted ModelAdmin.preserve_filters docs. 
Backport of b142bd4a1b83b77c5c81a8cf5a80a63608f96ad4 from master
 2020-07-02 21:11:10 +02:00
Mariusz Felisiak
5a15e3e378 [3.0.x] Added stub release notes for 3.0.9. 
Backport of c2a835703f706583542e9dae82749ac3b92819f8 from master
 2020-07-01 07:13:25 +02:00
Mariusz Felisiak
7d133e81e8 [3.0.x] Added release date for 2.2.14 and 3.0.8. 
Backport of 0f3aecf581b50215820455eb2f6a19a1b3b3ef8b from master
 2020-07-01 06:18:55 +02:00