mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-22 11:57:34 +01:00
Code Issues Releases Wiki Activity
ae5743d461
django/docs/releases/4.2.5.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

34 lines
1.2 KiB
Plaintext
Raw Normal View History

Added stub release notes for 4.2.5.
2023-08-01 19:52:36 +02:00
==========================
Django 4.2.5 release notes
==========================
Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21.
2023-08-24 07:56:05 +02:00
*September 4, 2023*
Added stub release notes for 4.2.5.
2023-08-01 19:52:36 +02:00
Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21.
2023-08-24 07:56:05 +02:00
Django 4.2.5 fixes a security issue with severity "moderate" and several bugs
in 4.2.4.
Added stub release notes for 4.2.5.
2023-08-01 19:52:36 +02:00
Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-08-22 08:53:03 +02:00
CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
===================================================================================================
``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
service attack via certain inputs with a very large number of Unicode
characters.
Added stub release notes for 4.2.5.
2023-08-01 19:52:36 +02:00
Bugfixes
========
Fixed #34754 -- Fixed JSONField check constraints validation on NULL values. The __isnull lookup of JSONField must special case Value(None, JSONField()) left-hand-side in order to be coherent with its convoluted null handling. Since psycopg>=3 offers no way to pass a NULL::jsonb the issue is resolved by optimizing IsNull(Value(None), True | False) to True | False. Regression in 5c23d9f0c32f166c81ecb6f3f01d5077a6084318. Thanks Alexandre Collet for the report.
2023-08-03 02:47:49 +02:00
* Fixed a regression in Django 4.2 that caused an incorrect validation of
``CheckConstraints`` on ``__isnull`` lookups against ``JSONField``
(:ticket:`34754`).
Fixed #34773 -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings with STORAGES. Thanks Petr Dlouhý for the report. Bug in 32940d390a00a30a6409282d314d617667892841.
2023-08-18 18:11:24 +02:00
* Fixed a bug in Django 4.2 where the deprecated ``DEFAULT_FILE_STORAGE`` and
``STATICFILES_STORAGE`` settings were not synced with ``STORAGES``
(:ticket:`34773`).
Fixed #34779 -- Avoided unnecessary selection of non-nullable m2m fields without natural keys during serialization. By using `select_related(None)` instead of `select_related()`, the unnecessary joins are completely avoided. Note that the current tests already covers the change, when the field is not `null=True`. Regression in f9936deed1ff13b20e18bd9ca2b0750b52706b6c.
2023-08-15 21:53:30 +02:00
* Fixed a regression in Django 4.2.2 that caused an unnecessary selection of a
non-nullable ``ManyToManyField`` without a natural key during serialization
(:ticket:`34779`).
Fixed #34803 -- Fixed queryset crash when filtering againts deeply nested OuterRef annotations. Thanks Pierre-Nicolas Rigal for the report. Regression in c67ea79aa981ae82595d89f8018a41fcd842e7c9.
2023-08-31 09:51:44 +02:00
* Fixed a regression in Django 4.2 that caused a crash of a queryset when
filtering against deeply nested ``OuterRef()`` annotations (:ticket:`34803`).
Copy Permalink