12751 Commits

Author SHA1 Message Date
Carlton Gibson
ef62a3a68c [4.0.x] Added CVE-2023-24580 to security archive.
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
2023-02-14 09:53:46 +01:00
Markus Holtermann
83f1ea83e4 [4.0.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-07 10:36:32 +01:00
Carlton Gibson
e5aecded4d [4.0.x] Added stub release notes for 4.0.10 and 3.2.18.
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-07 10:13:28 +01:00
Mariusz Felisiak
7522f5d05a [4.0.x] Added CVE-2023-23969 to security archive.
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01 12:10:34 +01:00
Nick Pope
4452642f19 [4.0.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:47:17 +01:00
Carlton Gibson
2d13db1b4a [4.0.x] Adjusted release notes for 4.0.9, and 3.2.17.
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25 12:28:59 +01:00
Carlton Gibson
d8767c8d25 [4.0.x] Added stub release notes for 4.0.9 and 3.2.17.
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25 12:00:54 +01:00
Mariusz Felisiak
0a8b4301d2 [4.0.x] Disabled auto-created table of contents entries on Sphinx 5.2+.
Auto-created table of contents entries for all domain objects (e.g.
functions, classes, attributes, etc.) were added in Sphinx 5.2, see
https://github.com/sphinx-doc/sphinx/issues/6316.

An option to control new table of contents entries was added in Sphinx
5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886.
Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-12-29 06:15:06 +01:00
Nick Pope
a882fa22ba [4.0.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-29 13:35:54 +02:00
Carlton Gibson
07ccf43544 [4.0.x] Added CVE-2022-36359 to security archive.
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-10-04 10:12:59 +02:00
Adam Johnson
23f0093125 [4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
2022-09-27 10:26:46 +02:00
Carlton Gibson
4a30e0db26 [4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-09-27 10:12:55 +02:00
Carlton Gibson
898f0aa44f [4.0.x] Added CVE-2022-36359 to security archive.
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03 09:10:47 +02:00
Carlton Gibson
b7d9529cbe [4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.
Thanks to Motoyasu Saburi for the report.
2022-08-03 08:48:00 +02:00
Carlton Gibson
2eb7dedd8f [4.0.x] Adjusted version 4.0.7 release notes.
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-08-03 08:37:50 +02:00
Carlton Gibson
b8b449fe20 [4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27 10:04:02 +02:00
Carlton Gibson
2c2b748d95 [4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-27 09:32:40 +02:00
Mariusz Felisiak
f78b18f9c8 [4.0.x] Fixed #33820 -- Doc'd "true"/"false"/"null" caveat for JSONField key transforms on SQLite.
Thanks Johnny Metz for the report.

Regression in 71ec102b01fcc85acae3819426a4e02ef423b0fa.
Backport of e20e5d1557785ba71e8ef0ceb8ccb85bdc13840a from main
2022-07-26 20:22:34 +02:00
Mariusz Felisiak
6a830bf900 [4.0.x] Added CVE-2022-34265 to security archive.
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04 10:34:15 +02:00
Mariusz Felisiak
90dc60d1a8 [4.0.x] Added stub release notes for 4.0.7.
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04 10:34:05 +02:00
Mariusz Felisiak
c73215272a [4.0.x] Updated man page for Django 4.0.6.
2022-07-04 08:31:42 +02:00
Mariusz Felisiak
0dc9c016fa [4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04 08:26:57 +02:00
Aristotelis Mikropoulos
a2b88d7be6 [4.0.x] Fixed typo in docs/topics/signals.txt.
Backport of 5eb6a2b33d70b9889e1cafa12594ad6f80773d3a from main
2022-07-02 16:47:26 +02:00
Mariusz Felisiak
4d20d2f7c2 [4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.

Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
2022-06-27 08:04:25 +02:00
Mariusz Felisiak
8a294ee2e0 [4.0.x] Added stub release notes and release date for 4.0.6 and 3.2.14.
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-27 07:22:22 +02:00
Mariusz Felisiak
0f3b25044c [4.0.x] Fixed #33789 -- Doc'd changes in quoting table/column names on Oracle in Django 4.0.
Thanks Paul in 't Hout for the report.

Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd.
Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
2022-06-21 09:11:06 +02:00
Grammy Jiang
6661c48a20 [4.0.x] Updated OWASP Top 10 link in security topic.
Backport of ef9121f3e6f62060d2904fb1811dbe7d74834686 from main
2022-06-16 06:36:21 +02:00
Carlton Gibson
fd68bfa652 [4.0.x] Added stub release notes for 4.0.6.
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01 14:40:58 +02:00
Carlton Gibson
1f1207ec69 [4.0.x] Updated release date for Django 4.0.5.
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
2022-06-01 12:26:49 +02:00
Mariusz Felisiak
bc38eafc61 [4.0.x] Fixed #33753 -- Fixed docs build on Sphinx 5+.
Empty language is not supported anymore.
Backport of 565ad5ace46aa1e2368450701cba45dd1a95a026 from main
2022-06-01 12:15:06 +02:00
Mariusz Felisiak
067daffb95 [4.0.x] Bumped minimum Sphinx version to 4.5.0.
Related Sphinx changes:
- https://github.com/sphinx-doc/sphinx/pull/8898
- https://github.com/sphinx-doc/sphinx/issues/8326
Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main
2022-05-31 15:24:47 +02:00
Hasan Ramezani
73b4f3f9b3 [4.0.x] Unified AdminSite imports in docs.
Backport of ce69e34bd646558bb44ea92cecfd98b345a0b3e0 from main
2022-05-25 13:14:30 +02:00
Sankalp
fe2e147846 [4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation sidebar not focusable.
Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7.

Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8.

Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-21 14:38:53 +02:00
Burak Kadir Er
e85ed998d5 [4.0.x] Fixed #33721 -- Added DE-9IM link in GEOS docs.
Backport of 1be9585d73c50df733eb4d1484651bb8548a1205 from main
2022-05-20 16:48:43 +02:00
Tom Sparrow
1dec0c07de [4.0.x] Removed unnecessary semicolons in docs about performing raw SQL.
Backport of e89f9571352f42c7752b351ba1e651485e5e7c51 from main
2022-05-19 10:39:35 +02:00
David Wobrock
4a86883e0a [4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.
Thanks Florian Apolloner for the report.
Thanks Simon Charette for the review.

Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-19 07:53:06 +02:00
Mariusz Felisiak
de9c08c0f3 [4.0.x] Refs #33685 -- Doc'd that using PostgreSQL's service names for testing purposes is not supported.
Backport of 647480166bfe7532e8c471fef0146e3a17e6c0c9 from main
2022-05-16 09:33:35 +02:00
Mariusz Felisiak
5c6ebe19cc [4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.
Thanks Ben Picolo for the report.
Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-05-16 06:18:49 +02:00
Ali Toosi
8b2a93ee5b [4.0.x] Fixed #33680 -- Corrected example of customizing model loading in docs.
Backport of faab9e6769b01c18d9e3a31504601452eede6150 from main
2022-05-06 07:27:32 +02:00
Alokik Vijay
256db5c048 [4.0.x] Fixed #33658 -- Doc'd ModelChoiceField.blank attribute.
Thanks Mariusz Felisiak for reviewing.

Backport of df22566748faa7bd16a9616617875e8370cbe4ee from main
2022-05-03 15:27:00 +02:00
Carlton Gibson
5db5c33baa [4.0.x] Updated release date for Django 4.0.5.
Backport of c5fd5e3cc3d767f5983d44b30df72a29c9c5de83 from main
2022-05-03 09:19:46 +02:00
Steven DeMartini
2308fb5806 [4.0.x] Refs #23435 -- Added note about GenericForeignKey indexes to docs.
Backport of 562e3bc09aa094a2ebbd3890fa233d04daafa8c9 from main
2022-04-29 09:23:01 +02:00
David
ed6940f0bf [4.0.x] Added backticks to code literals in various docs.
Backport of 51874dd1605d0106c68e854572950d2b6f768fc1 from main.
2022-04-28 11:17:57 +02:00
David
57e7a268b6 [4.0.x] Changed "refactorings" to "refactoring" in docs/releases/1.0.txt.
Backport of 15b888bb833ca2519a90d5eef71e221f192ea7e1 from main
2022-04-28 11:16:36 +02:00
David
1df71f8f89 [4.0.x] Changed "ie." to "i.e." in docs.
Backport of 1c2bf80acb8c434a83a3d29d022dea586609f7b7 from main
2022-04-28 11:16:12 +02:00
Carlton Gibson
86324f37b3 [4.0.x] Refs #33646 -- Added example for async cross-thread connection access.
Backport of 6b53114dd862ec97c282fdfdc83579cbd6d1560d from main
2022-04-20 14:52:52 +02:00
Xiang Zhang
7ac2cd638f [4.0.x] Added TiDB to list of third-party DB backends.
Backport of c8c6a51a3877c0afde4a85edd36ad308dc8909de from main
2022-04-20 08:12:55 +02:00
Theofilos Alexiou
f33c636372 [4.0.x] Updated note about ListView pagination example in CBV docs.
Follow up to 0f0abc20be55d796ecfc3e7698e7ecfd9e9cdf88.
Backport of 470708f50d8c13a50770893b8d7181f5218bf3ac from main
2022-04-19 21:39:41 +02:00
Dominik
2fc7cb9d39 [4.0.x] Fixed #33644 -- Corrected FAQ about displaying ManyToManyField in list_filter.
Backport of 7d26d5f8f17637a768f9d46e96547ae12e2418ae from main
2022-04-19 20:22:09 +02:00
Nick Pope
38f12b2a41 [4.0.x] Updated bpo link to use redirect URI.
Mirrors the change made in python/cpython#32342.
Backport of 62ffc9883afdc0a9f9674702661062508230d7bf from main
2022-04-13 13:28:08 +02:00