Carlton Gibson
62b2e8b37e
Added commits for CVE-2021-31542 to security archive.
2021-05-04 11:09:21 +02:00
Carlton Gibson
607ebbfba9
Added CVE-2021-31542 to security archive.
2021-05-04 11:06:07 +02:00
Carlton Gibson
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
Hasan Ramezani
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00
Carlton Gibson
907d3a7ff4
Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated.
2021-04-29 13:53:56 +02:00
Mariusz Felisiak
baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
...
Follow up to 1871182031
2021-04-29 12:04:30 +02:00
David Wobrock
4ab3ef238e
Fixed #32675 -- Doc'd that autodector changes might cause generation of no-op migrations.
...
Follow up to aa4acc164d
2021-04-29 07:46:22 +02:00
Simon Charette
c8b6594305
Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdc
2021-04-28 12:13:55 +02:00
Konstantin Alekseev
6e742dabc9
Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb876
2021-04-27 10:43:35 +02:00
Mariusz Felisiak
1871182031
Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a1
2021-04-27 10:34:47 +02:00
Zain Patel
4e5bbb6ef2
Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205
2021-04-26 07:08:16 +02:00
Simon Charette
6d0cbe42c3
Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
...
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9#27149 ).
Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
Mariusz Felisiak
34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
...
Thanks Jared Lockhart for the report.
Regression in c36075ac1d
2021-04-21 09:41:37 +02:00
Carlton Gibson
5c73fbb6a9
Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
...
Regression in 30e59705fc
2021-04-21 08:31:06 +02:00
Tobias Bengfort
54e94640ac
Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite.
2021-04-20 11:44:41 +02:00
Florian Apolloner
4511d14598
Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
...
Thanks Jan Pieter Waagmeester for the report.
Regression in 2d6179c819
2021-04-14 22:52:59 +02:00
Mariusz Felisiak
ca98729055
Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
...
Thanks Matt Westcott for the report.
Regression in 779e615e36
2021-04-14 21:11:17 +02:00
Mariusz Felisiak
338eb65b6e
Refs #32548 -- Forwardported 3.2.1 release note.
2021-04-14 20:25:58 +02:00
Arthur Jovart
08c60cce3b
Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.
2021-04-14 16:50:47 +02:00
Mariusz Felisiak
23fa29f6a6
Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes.
...
Thanks Dlis for the report.
Regression in 26a413507a
2021-04-14 12:23:47 +02:00
Hasan Ramezani
a77c9a4229
Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition.
...
Regression in b7b7df5fbc
2021-04-14 10:06:18 +02:00
Mariusz Felisiak
3b8527e32b
Fixed #32637 -- Restored exception message on technical 404 debug page.
...
Thanks Atul Varma for the report.
2021-04-13 09:15:04 +02:00
Iuri de Silvio
9760e262f8
Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns.
2021-04-12 21:11:40 +02:00
Adam Johnson
45a58c31e6
Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD.
2021-04-08 13:17:08 +02:00
Claude Paroz
30e123ed35
Fixed #32575 -- Added support for SpatiaLite 5.
2021-04-08 09:36:29 +02:00
Claude Paroz
3ae4344bbd
Dropped support for GEOS 3.5 and GDAL 2.0.
2021-04-07 20:39:30 +02:00
girishsontakke
98abc0c90e
Fixed #32501 -- Added support for returning fields from INSERT statements on SQLite 3.35+.
2021-04-07 20:09:56 +02:00
Carlton Gibson
3f2920ae1d
Corrected release number format in 3.2.1 release notes.
2021-04-07 19:44:29 +02:00
Claude Paroz
e3cfba0029
Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.
2021-04-07 15:54:24 +02:00
Carlton Gibson
5b05a45c62
Corrected wrapping in 3.2 release notes.
...
Partially reverts 0802b404a2
2021-04-07 07:27:31 +02:00
Carlton Gibson
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
Carlton Gibson
0802b404a2
Added release date for Django 3.2.
...
Adjusted wrapping in release notes where needed.
2021-04-06 11:20:59 +02:00
Carlton Gibson
5aea50e57f
Updated asgiref dependency for 3.2 release series.
2021-04-06 10:38:43 +02:00
Mariusz Felisiak
1eac8468cb
Added CVE-2021-28658 to security archive.
2021-04-06 09:42:31 +02:00
Mariusz Felisiak
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
Adam Johnson
e32722d160
Fixed #32383 -- Added source map support to ManifestStaticFilesStorage.
2021-04-02 12:21:21 +02:00
Maxim Milovanov
d915dd1c58
Fixed #32204 -- Added quick filter to admin's navigation sidebar.
2021-03-31 09:31:37 +02:00
William Schwartz
7248afe12f
Refs #32105 -- Moved ExceptionReporter template paths to properties.
...
Refs #32316 .
2021-03-31 08:41:57 +02:00
bankc
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Chris Jerdonek
038940cf55
Fixed #29127 -- Prevented DiscoverRunner from hiding tagged test with syntax errors.
...
This mades _FailedTest objects always match tags in DiscoverRunner.
2021-03-30 10:26:20 +02:00
Nick Pope
2f13c476ab
Fixed #31487 -- Added precision argument to Round().
2021-03-29 09:43:08 +02:00
Florian Demmer
3a185cee2a
Fixed #32573 -- Fixed bounds in __iso_year lookup optimization.
2021-03-23 21:27:55 +01:00
Baptiste Mispelon
41e6b2a3c5
Fixed #32556 -- Fixed handling empty string as non-boolean attributes value by assertHTMLEqual().
2021-03-19 20:41:57 +01:00
Daniyal
474cc420bf
Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.
2021-03-19 08:04:37 +01:00
Tim Graham
2411b8b5eb
Fixed #16010 -- Added Origin header checking to CSRF middleware.
...
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
Tim Graham
dba44a7a7a
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
2021-03-18 20:00:22 +01:00
Adam Johnson
f6713cda89
Fixed #31370 -- Added support for parallel tests with --buffer.
2021-03-18 15:30:47 +01:00
Adam Johnson
45814af619
Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error.
2021-03-17 20:56:09 +01:00
