Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
29,477 Commits 26 Branches 382 Tags
Commit Graph

29477 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mariusz Felisiak
e01b383e02 [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. 
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
 2022-04-11 10:36:52 +02:00
Mariusz Felisiak
ac2fb5ccb6 [3.2.x] Post-release version bump. 2022-04-11 09:21:27 +02:00
Mariusz Felisiak
08e6073f87 [3.2.x] Bumped version for 3.2.13 release. 3.2.13 2022-04-11 09:13:55 +02:00
Mariusz Felisiak
9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
 2022-04-11 09:12:58 +02:00
Mariusz Felisiak
2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
 2022-04-11 09:12:06 +02:00
Manel Clos
bdb92dba0b [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 
Regression in 68357b2ca9e88c40fc00d848799813241be39129.

Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
 2022-04-11 08:34:01 +02:00
Mariusz Felisiak
70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:51:06 +02:00
Mariusz Felisiak
7e7ea71a8d [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 
This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40.
Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main
 2022-03-26 12:29:03 +01:00
Mariusz Felisiak
610ecc9053 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 
See https://github.com/pallets/jinja/pull/1621.
Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main
 2022-03-25 08:51:41 +01:00
David Smith
754af45773 [3.2.x] Fixed typo in release notes. 
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main.
 2022-02-02 07:19:30 +01:00
Mariusz Felisiak
6f309165e5 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
 2022-02-01 08:53:32 +01:00
Mariusz Felisiak
1e6b555c92 [3.2.x] Post-release version bump. 2022-02-01 08:05:56 +01:00
Mariusz Felisiak
fdf209eab8 [3.2.x] Bumped version for 3.2.12 release. 3.2.12 2022-02-01 08:03:33 +01:00
Mariusz Felisiak
d16133568e [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.

Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
 2022-02-01 07:54:17 +01:00
Markus Holtermann
1a1e8278c4 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 
Thanks Keryn Knight for the report.

Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-02-01 07:53:21 +01:00
Mariusz Felisiak
a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
 2022-01-25 07:27:35 +01:00
Carlton Gibson
027f4c4ceb [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 
Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
 2022-01-04 11:31:13 +01:00
Carlton Gibson
0a9a46a1d7 [3.2.x] Post-release version bump. 2022-01-04 10:40:22 +01:00
Carlton Gibson
6e499a28ac [3.2.x] Bumped version for 3.2.11 release. 3.2.11 2022-01-04 10:36:54 +01:00
Florian Apolloner
8d2f7cff76 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 
Thanks to Dennis Brinkrolf for the report.
 2022-01-04 10:19:49 +01:00
Florian Apolloner
c7fe895bca [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:19:49 +01:00
Florian Apolloner
a8b32fe13b [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:19:49 +01:00
Carlton Gibson
b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. 
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
 2021-12-28 10:09:49 +01:00
Mariusz Felisiak
ae242235db [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 
Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6.
Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main
 2021-12-15 18:55:01 +01:00
Mariusz Felisiak
ecd2793897 [3.2.x] Added CVE-2021-44420 to security archive. 
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
 2021-12-07 08:54:16 +01:00
Mariusz Felisiak
1cea03ab00 [3.2.x] Post-release version bump. 2021-12-07 06:53:39 +01:00
Mariusz Felisiak
0153a63a67 [3.2.x] Bumped version for 3.2.10 release. 3.2.10 2021-12-07 06:34:51 +01:00
Florian Apolloner
333c656030 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
 2021-12-07 06:32:24 +01:00
Mariusz Felisiak
6014b812e2 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle. 
Grouping by LOBs is not allowed on Oracle. This moves a binary field to
a separate model.
Backport of d3a64bea51676fcf8a0ae593cf7b103939e12c87 from main
 2021-12-04 15:56:45 +01:00
Mariusz Felisiak
cb724ef6c0 [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL. 
This makes models.BinaryField pickleable on PostgreSQL.

Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d.

Thanks Adam Zimmerman for the report.

Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.
 2021-12-03 12:01:28 +01:00
Mariusz Felisiak
0cf2d48ba8 [3.2.x] Added requirements.txt to files ignored by Sphinx builds. 2021-11-30 11:58:43 +01:00
Mariusz Felisiak
487a2da02e [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 
Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main
 2021-11-30 11:26:39 +01:00
Mariusz Felisiak
742d6bc8db [3.2.x] Corrected signatures of QuerySet's methods. 
Backport of a17becf4c7f4e4057e8c94990e4b4999be0aea95 from main
 2021-11-23 07:05:32 +01:00
Mariusz Felisiak
99532fdadf [3.2.x] Corrected isort example in coding style docs. 
Follow up to e74b3d724e5ddfef96d1d66bd1c58e7aae26fc85.
Backport of 8b020f2e64f1cbf2b06205a389a13af6623f90ce from main
 2021-11-22 12:35:12 +01:00
Paolo Melchiorre
31539a63f2 [3.2.x] Corrected "pip install" call in coding style docs. 
Backport of dd528cb2cefc0db8b91a7ff0a2bc87305b976597 from main
 2021-11-22 09:57:44 +01:00
Adam Johnson
76a0a8a917 [3.2.x] Configured Read The Docs to build all formats. 
`all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable?
Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main
 2021-11-18 12:24:34 +01:00
Mariusz Felisiak
04e66e245d [3.2.x] Fixed crash building HTML docs since Sphinx 4.3. 
See dd2ff3e911.
Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main
 2021-11-18 11:23:02 +01:00
Mariusz Felisiak
dfa1145a22 [3.2.x] Corrected multiply defined labels in docs. 
Backport of 60503cc747eeda7c61bab02b71f8f55a733a6eea from main
 2021-11-04 10:46:55 +01:00
Carlton Gibson
9d171643d4 [3.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 
This pins Sphinx version, because the default Sphinx version used by
RTD is not compatible with Python 3.8+.

This also, sets Python 3.8 for RTD builds which is compatible with all
current versions of Django.

Thanks to Mariusz Felisiak for the suggestion.

Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main.
 2021-11-03 18:55:32 +01:00
Carlton Gibson
327dac6e7c [3.2.x] Fixed #33247 -- Added configuration for Read The Docs. 
Co-authored-by: Andrew Neitsch <andrew@neitsch.ca>

Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main
 2021-11-03 18:54:19 +01:00
Adam Johnson
bc691d555e [3.2.x] Corrected module reference in contributing tutorial. 
Backport of 9f3bd9dfc42b4e0ff89566763d211ab9e8f50d5e from main
 2021-11-03 07:48:14 +01:00
Brad
3357ad2de2 [3.2.x] Fixed typo in docs/topics/logging.txt. 
Backport of c7152cb58ea84f51bc2096fb5d3cf03ab31ea985 from main
 2021-11-03 07:42:29 +01:00
Mariusz Felisiak
34e5e61479 [3.2.x] Added stub release notes for Django 3.2.10. 
Backport of d811fa1d1012e746719aa3af351f56ad21f92610 from main
 2021-11-01 10:42:47 +01:00
Mariusz Felisiak
21a56d596a [3.2.x] Post-release version bump. 2021-11-01 10:30:09 +01:00
Mariusz Felisiak
1b3c0d3b54 [3.2.x] Bumped version for 3.2.9 release. 3.2.9 2021-11-01 10:21:48 +01:00
Mariusz Felisiak
e299cc2d2c [3.2.x] Added release date for 3.2.9. 
Backport of 7ec603ba259083298c9598a41987b4c4f2a5d134 from main
 2021-11-01 10:19:37 +01:00
Vikash Singh
947d2707c6 [3.2.x] Added Google Cloud Spanner to list of third-party DB backends. 
Backport of 125f9afc2c42449ee79283fefa778651acfd4aed from main
 2021-11-01 10:10:54 +01:00
Carlton Gibson
128179c0f8 [3.2.x] Refs #33182 -- Adjusted custom admin theming example to use correct template block. 
Backport of a754b82dac511475b6276039471ccd17cc64aeb8 from main
 2021-10-27 12:18:04 +02:00
Hannes Ljungberg
f5802a21c4 [3.2.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes on SQLite. 
This adjusts Expressions.rename_table_references() to only update alias
when needed.

Regression in 83fcfc9ec8610540948815e127101f1206562ead.

Co-authored-by: Simon Charette <charettes@users.noreply.github.com>

Backport of 86971c40909430a798e4e55b140004c4b1fb02ff from main.
 2021-10-18 09:37:46 +02:00
Nick Frazier
fdc1c6435c [3.2.x] Fixed #33198 -- Corrected BinaryField.max_length docs. 
Backport of 0d4e575c96d408e0efb4dfd0cbfc864219776950 from main
 2021-10-18 08:24:36 +02:00