Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
29,530 Commits 26 Branches 382 Tags
Commit Graph

29530 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mariusz Felisiak
848fe70f3e [3.2.x] Added CVE-2023-36053 to security archive. 
Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main
 2023-07-03 10:31:45 +02:00
Mariusz Felisiak
4012a87a58 [3.2.x] Post-release version bump. 2023-07-03 08:36:12 +02:00
Mariusz Felisiak
19bc11f636 [3.2.x] Bumped version for 3.2.20 release. 3.2.20 2023-07-03 08:33:38 +02:00
Mariusz Felisiak
454f2fb934 [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. 
Thanks Seokchan Yoon for reports.
 2023-07-03 08:32:26 +02:00
Mariusz Felisiak
07cc014cb3 [3.2.x] Added stub release notes for 3.2.20. 
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
 2023-06-26 14:39:49 +02:00
Mariusz Felisiak
e1bbbbe6ac [3.2.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if Pillow isn't installed. 
Follow up to fb4c55d9ec4bb812a7fb91fa20510d91645e411b.
Backport of fcfbf08abe3e6dc54894df6988024f055abc6c40 from main
 2023-05-04 08:10:11 +02:00
Mariusz Felisiak
47ef12e69c [3.2.x] Added CVE-2023-31047 to security archive. 
Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main
 2023-05-03 15:22:32 +02:00
Mariusz Felisiak
15f90ebff3 [3.2.x] Post-release version bump. 2023-05-03 14:00:58 +02:00
Mariusz Felisiak
fc42edd2e6 [3.2.x] Bumped version for 3.2.19 release. 3.2.19 2023-05-03 13:59:19 +02:00
Mariusz Felisiak
eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-05-03 13:58:52 +02:00
Mariusz Felisiak
007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt. 2023-04-26 09:37:36 +02:00
Mariusz Felisiak
a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19. 
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
 2023-04-26 08:54:18 +02:00
Carlton Gibson
963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive. 
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
 2023-02-14 09:57:00 +01:00
Carlton Gibson
e34a2283f2 [3.2.x] Post-release version bump. 2023-02-14 09:07:53 +01:00
Carlton Gibson
722e9f8a38 [3.2.x] Bumped version for 3.2.18 release. 3.2.18 2023-02-14 09:04:22 +01:00
Markus Holtermann
a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 
Thanks to Jakob Ackermann for the report.
 2023-02-07 10:39:25 +01:00
Carlton Gibson
932b5bd52d [3.2.x] Added stub release notes for 3.2.18. 
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
 2023-02-07 10:14:53 +01:00
Mariusz Felisiak
c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive. 
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
 2023-02-01 12:11:00 +01:00
Mariusz Felisiak
9bd8db3940 [3.2.x] Post-release version bump. 2023-02-01 10:00:34 +01:00
Mariusz Felisiak
aed1bb56d1 [3.2.x] Bumped version for 3.2.17 release. 3.2.17 2023-02-01 09:58:36 +01:00
Nick Pope
c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. 
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
 2023-02-01 09:48:18 +01:00
Mariusz Felisiak
9da46345d8 [3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+. 
Use FlexibleFieldLookupDict which is case-insensitive mapping because
SQLite 3.37+ returns some data type names upper-cased e.g. TEXT.
Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main
 2023-01-31 15:32:01 +01:00
Tim Graham
4c2b26174f [3.2.x] Removed 'tests' path prefix in a couple tests. 
Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main.
 2023-01-31 15:28:16 +01:00
Carlton Gibson
d21543182d [3.2.x] Adjusted release notes for 3.2.17. 
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
 2023-01-25 12:29:59 +01:00
Carlton Gibson
4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17. 
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
 2023-01-25 12:02:29 +01:00
Stephen
238e8898ac [3.2.x] Corrected passenv value for tox 4.0.6+. 
Backport of 34b328814976a2e2f7907361a494202763649f3f from main
 2023-01-25 06:12:18 +01:00
Mariusz Felisiak
b381ab4906 [3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+. 
Auto-created table of contents entries for all domain objects (e.g.
functions, classes, attributes, etc.) were added in Sphinx 5.2, see
https://github.com/sphinx-doc/sphinx/issues/6316.

An option to control new table of contents entries was added in Sphinx
5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886.
Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
 2022-12-29 06:15:37 +01:00
Nick Pope
f6f0699d01 [3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction. 
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
 2022-10-29 13:36:23 +02:00
Carlton Gibson
accdd0576d [3.2.x] Added CVE-2022-36359 to security archive. 
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
 2022-10-04 10:13:25 +02:00
Carlton Gibson
7190b38b8d [3.2.x] Post-release version bump. 2022-10-04 09:36:16 +02:00
Carlton Gibson
4c85beca9d [3.2.x] Bumped version for 3.2.16 release. 3.2.16 2022-10-04 09:31:26 +02:00
Adam Johnson
5b6b257fa7 [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. 
Thanks to Benjamin Balder Bach for the report.
 2022-09-27 10:17:34 +02:00
Carlton Gibson
33affaf0b6 [3.2.x] Added stub notes 3.2.16 release. 
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
 2022-09-27 10:14:45 +02:00
Carlton Gibson
777362d74a [3.2.x] Added CVE-2022-36359 to security archive. 
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
 2022-08-03 09:11:02 +02:00
Carlton Gibson
eb5bdb461e [3.2.x] Post-release version bump. 2022-08-03 09:03:45 +02:00
Carlton Gibson
653a7bd7b7 [3.2.x] Bumped version for 3.2.15 release. 3.2.15 2022-08-03 09:01:19 +02:00
Carlton Gibson
b3e4494d75 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. 
Thanks to Motoyasu Saburi for the report.
 2022-08-03 08:48:33 +02:00
Mariusz Felisiak
cb7fbac9f8 [3.2.x] Fixed collation tests on MySQL 8.0.30+. 
The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+.

Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main.
 2022-08-01 09:30:48 +02:00
Mariusz Felisiak
840d009c06 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+. 
The utf8 character set (and related collations) is by default an alias
for utf8mb3 on MariaDB 10.6+.
Backport of 355ecd141671e34853d1ff99ffdb1a7fb95b4276 from main
 2022-08-01 09:29:11 +02:00
Carlton Gibson
a5eba20f40 Adjusted release notes for 3.2.15. 
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
 2022-07-27 10:05:04 +02:00
Carlton Gibson
ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release. 
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
 2022-07-27 09:34:30 +02:00
Mariusz Felisiak
22916c8c1f [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine. 
Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main.
 2022-07-05 19:07:51 +02:00
Mariusz Felisiak
e1cfbe58b7 [3.2.x] Added CVE-2022-34265 to security archive. 
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
 2022-07-04 10:34:52 +02:00
Mariusz Felisiak
605cf0d3f6 [3.2.x] Post-release version bump. 2022-07-04 08:53:51 +02:00
Mariusz Felisiak
746e88cc63 [3.2.x] Bumped version for 3.2.14 release. 3.2.14 2022-07-04 08:42:36 +02:00
Mariusz Felisiak
a9010fe555 [3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. 
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
 2022-07-04 08:41:33 +02:00
Mariusz Felisiak
3acf156be3 [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0. 
It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1.
Backport of 863aa7541d30247e7eb7a973ff68a7d36f16dc02 from main
 2022-07-01 19:07:10 +02:00
Mariusz Felisiak
4a5d98ee0a [3.2.x] Bumped minimum Sphinx version to 4.5.0. 
Related Sphinx changes:
- https://github.com/sphinx-doc/sphinx/pull/8898
- https://github.com/sphinx-doc/sphinx/issues/8326

Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main.
 2022-06-27 08:45:07 +02:00
Mariusz Felisiak
1a9098166e [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. 
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.

Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
 2022-06-27 08:10:48 +02:00
Mariusz Felisiak
37f4de2deb [3.2.x] Added stub release notes for 3.2.14. 
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
 2022-06-27 07:23:46 +02:00