Carlton Gibson
ef62a3a68c
[4.0.x] Added CVE-2023-24580 to security archive.
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
2023-02-14 09:53:46 +01:00
Carlton Gibson
b87e3dc110
[4.0.x] Post-release version bump.
2023-02-14 09:10:50 +01:00
Carlton Gibson
4d51383f09
[4.0.x] Bumped version for 4.0.10 release.
4.0.10
2023-02-14 09:09:00 +01:00
Markus Holtermann
83f1ea83e4
[4.0.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-07 10:36:32 +01:00
Carlton Gibson
e5aecded4d
[4.0.x] Added stub release notes for 4.0.10 and 3.2.18.
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:13:28 +01:00
Mariusz Felisiak
534895f1ac
[4.0.x] Fixed thread termination in servers.tests.LiveServerPort on Python < 3.10.9.
TestCase.doClassCleanups() cannot be called on Python < 3.10.9 because
setUpClass()/tearDownClass() are called multiple times in
LiveServerTestCase tests (refs #27079).
2023-02-02 13:13:25 +01:00
Mariusz Felisiak
d065944353
[4.0.x] Fixed thread termination in servers.tests.LiveServerPort on Python 3.10.9+.
Class cleanups registered in TestCase subclasses are no longer called
as TestCase.doClassCleanups() only cleans up the particular class, see
c2102136be
Backport of d02a9f0cee84e3d23f676bdf2ab6aadbf4a5bfe8 from main.
2023-02-02 07:16:47 +01:00
Mariusz Felisiak
7522f5d05a
[4.0.x] Added CVE-2023-23969 to security archive.
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01 12:10:34 +01:00
Mariusz Felisiak
0412138662
[4.0.x] Ignored e565a5cd187197a6349e55d7a4c68a9e12e2fd20 formatting changes in git blame.
2023-02-01 11:52:55 +01:00
David Smith
e565a5cd18
[4.0.x] Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main.
2023-02-01 11:52:33 +01:00
Mariusz Felisiak
4cf73314c4
[4.0.x] Post-release version bump.
2023-02-01 09:57:37 +01:00
Mariusz Felisiak
ca891ef44b
[4.0.x] Bumped version for 4.0.9 release.
4.0.9
2023-02-01 09:55:51 +01:00
Nick Pope
4452642f19
[4.0.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:47:17 +01:00
Mariusz Felisiak
b880e20876
[4.0.x] Fixed E501 flake8 error.
2023-01-31 15:41:11 +01:00
Mariusz Felisiak
2990e6fe8f
[4.0.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+.
Use FlexibleFieldLookupDict which is a case-insensitive mapping because
SQLite 3.37+ returns some data type names upper-cased e.g. TEXT.
Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main.
2023-01-31 15:34:43 +01:00
Mariusz Felisiak
8fe7bdc29d
[4.0.x] Bumped versions in pre-commit and npm configurations.
Backport of f825536b5e09b3a047fec0c10aabd91bace0995c from main.
2023-01-31 14:13:03 +01:00
Mariusz Felisiak
9d39b0f19e
[4.0.x] Added packaging tools to GitHub actions.
Backport of fbacaa58ffc5a62456ee68b90efa13957f761ce4 from main.
2023-01-31 14:11:03 +01:00
Tom Forbes
78aa12e334
[4.0.x] Used GitHub actions for Windows tests.
Backport of f97401d1b184406d2e24f11eddbdaca8bbc360e3 from main
2023-01-31 14:08:41 +01:00
Mariusz Felisiak
ca8c5bd690
[4.0.x] Skipped GitHub actions for linters and JavaScript tests on purely doc changes.
Backport of 48924966e275670623bd7e33e9089f895f6a3110 from main
2023-01-31 14:08:30 +01:00
Carlton Gibson
2d13db1b4a
[4.0.x] Adjusted release notes for 4.0.9, and 3.2.17.
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:28:59 +01:00
Carlton Gibson
d8767c8d25
[4.0.x] Added stub release notes for 4.0.9 and 3.2.17.
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 12:00:54 +01:00
Stephen
8635e4023c
[4.0.x] Corrected passenv value for tox 4.0.6+.
Backport of 34b328814976a2e2f7907361a494202763649f3f from main
2023-01-25 06:12:42 +01:00
Mariusz Felisiak
0a8b4301d2
[4.0.x] Disabled auto-created table of contents entries on Sphinx 5.2+.
Auto-created table of contents entries for all domain objects (e.g.
functions, classes, attributes, etc.) were added in Sphinx 5.2, see
https://github.com/sphinx-doc/sphinx/issues/6316.
An option to control new table of contents entries was added in Sphinx
5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886.
Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-12-29 06:15:06 +01:00
Mariusz Felisiak
24aad2d128
[4.0.x] Bumped gh-problem-matcher-wrap version to 2.0.0.
This avoids issues with using deprecated Node.js 12 actions.
Backport of 744a1af7f943106e30d538e6ace55c2c66ccd791 from main.
2022-11-22 12:03:53 +01:00
Nick Pope
a882fa22ba
[4.0.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-29 13:35:54 +02:00
HieuPham9720
d3ee881c8e
[4.0.x] Skipped scrypt tests when OpenSSL 1.1+ is not installed.
Backport of 3e928de8add92a5f38a562abd7560b023d24b6af from main
2022-10-20 18:53:47 -07:00
Carlton Gibson
07ccf43544
[4.0.x] Added CVE-2022-36359 to security archive.
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-10-04 10:12:59 +02:00
Carlton Gibson
fa3ce04847
[4.0.x] Post-release version bump.
2022-10-04 09:39:43 +02:00
Carlton Gibson
7d5cb49501
[4.0.x] Bumped version for 4.0.8 release.
4.0.8
2022-10-04 09:37:33 +02:00
Adam Johnson
23f0093125
[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
2022-09-27 10:26:46 +02:00
Carlton Gibson
4a30e0db26
[4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-09-27 10:12:55 +02:00
Carlton Gibson
898f0aa44f
[4.0.x] Added CVE-2022-36359 to security archive.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03 09:10:47 +02:00
Carlton Gibson
60e6baebf9
[4.0.x] Post-release version bump.
2022-08-03 08:58:34 +02:00
Carlton Gibson
e9e9729846
[4.0.x] Bumped version for 4.0.7 release.
4.0.7
2022-08-03 08:54:46 +02:00
Carlton Gibson
b7d9529cbe
[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.
Thanks to Motoyasu Saburi for the report.
2022-08-03 08:48:00 +02:00
Carlton Gibson
2eb7dedd8f
[4.0.x] Adjusted version 4.0.7 release notes.
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-08-03 08:37:50 +02:00
Mariusz Felisiak
baeffe8c12
[4.0.x] Ignored 080359c4c5242ef69ac8c58c92f240e71121ffd7 formatting changes in git blame.
2022-08-03 08:14:00 +02:00
Mariusz Felisiak
080359c4c5
[4.0.x] Fixed warnings per flake8 5.0.0.
Backport of c18861804feb6a97afbeabb51be748dd60a04458 from main.
2022-08-03 08:09:59 +02:00
Mariusz Felisiak
1a9f079b7e
[4.0.x] Fixed collation tests on MySQL 8.0.30+.
The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+.
Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main
2022-08-01 09:26:34 +02:00
Carlton Gibson
b8b449fe20
[4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27 10:04:02 +02:00
Carlton Gibson
2c2b748d95
[4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-27 09:32:40 +02:00
Mariusz Felisiak
f78b18f9c8
[4.0.x] Fixed #33820 -- Doc'd "true"/"false"/"null" caveat for JSONField key transforms on SQLite.
Thanks Johnny Metz for the report.
Regression in 71ec102b01fcc85acae3819426a4e02ef423b0fa.
Backport of e20e5d1557785ba71e8ef0ceb8ccb85bdc13840a from main
2022-07-26 20:22:34 +02:00
Mariusz Felisiak
48501c84ad
[4.0.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine.
Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main
2022-07-05 19:06:39 +02:00
Mariusz Felisiak
6a830bf900
[4.0.x] Added CVE-2022-34265 to security archive.
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04 10:34:15 +02:00
Mariusz Felisiak
90dc60d1a8
[4.0.x] Added stub release notes for 4.0.7.
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:34:05 +02:00
Mariusz Felisiak
e6f69938c5
[4.0.x] Post-release version bump.
2022-07-04 08:39:25 +02:00
Mariusz Felisiak
caad462fea
[4.0.x] Bumped version for 4.0.6 release.
4.0.6
2022-07-04 08:33:06 +02:00
Mariusz Felisiak
c73215272a
[4.0.x] Updated man page for Django 4.0.6.
2022-07-04 08:31:42 +02:00
Mariusz Felisiak
0dc9c016fa
[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:26:57 +02:00
Aristotelis Mikropoulos
a2b88d7be6
[4.0.x] Fixed typo in docs/topics/signals.txt.
Backport of 5eb6a2b33d70b9889e1cafa12594ad6f80773d3a from main
2022-07-02 16:47:26 +02:00