33659 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Clifford Gama	6df19412aa	Refs #27236 -- Removed references to removed index_together migration methods.	2025-07-03 15:23:25 +02:00
Natalia	94ebcf8366	Added release date for 5.2.4.	2025-07-02 15:55:14 -03:00
Natalia	7ab6b863da	Added stub release notes for 5.2.5.	2025-07-02 15:51:02 -03:00
Matthew Stell	7feafd79a4	Fixed #35846 -- Ensured consistent path ordering in ManifestStaticFilesStorage manifest files. ... This change reuses the existing sorting of `hashed_files` in `ManifestStaticFilesStorage.save_manifest` to also store a sorted `paths` mapping in the manifest file. This ensures stable manifest output that does not change unnecessarily.	2025-07-01 15:24:34 -03:00
Roel Delos Reyes	58fc40427f	Fixed #36479 -- Improved how FileNotFoundError is triggered in code formatter tests. ... Ensured the test for formatter subprocess FileNotFoundError doesn't rely on platform-specific behavior, improving reliability on macOS and other systems by consistently using pathlib to build test paths.	2025-07-01 15:24:07 -03:00
Simon Charette	192bc7a7be	Fixed #36464 -- Fixed "__in" tuple lookup on backends lacking native support. ... When native support for tuple lookups is missing in a DB backend, it can be emulated with an EXISTS clause. This is controlled by the backend feature flag "supports_tuple_lookups". The mishandling of subquery right-hand side in `TupleIn` (added to support `CompositePrimaryKey` in Refs #373) was likely missed because the only core backend we test with the feature flag disabled (Oracle < 23.4) supports it natively. Thanks to Nandana Raol for the report, and to Sarah Boyce, Jacob Walls, and Natalia Bidart for reviews.	2025-06-30 20:15:25 -03:00
Natalia	ff0ff98d42	Refs #15727 -- Updated AdminSeleniumTestCase to use ContentSecurityPolicyMiddleware. ... Replaced the custom CSP middleware previously used in the admin's AdminSeleniumTestCase with the official ContentSecurityPolicyMiddleware. This change ensures alignment with Django's built-in CSP support. Also updates the test logic to inspect browser console logs to assert that no CSP violations are triggered during Selenium admin tests.	2025-06-27 15:57:02 -03:00
Rob Hudson	d63241ebc7	Fixed #15727 -- Added Content Security Policy (CSP) support. ... This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>	2025-06-27 15:57:02 -03:00
antoliny0919	3f59711581	Fixed #36366 -- Improved accessibility of pagination in the admin.	2025-06-27 18:03:16 +02:00
wookkl	29f5e1e97d	Fixed #35595, #35962 -- Removed indexes and constraints before fields in migrations.	2025-06-27 17:17:45 +02:00
Sarah Boyce	a388287692	Fixed indentation in docs/internals/howto-release-django.txt.	2025-06-27 09:46:17 -03:00
Sarah Boyce	af6ed55fcd	Separated creating the release and setting it as default in Trac in the post-release steps.	2025-06-27 09:46:17 -03:00
Mike Edmunds	23529b6627	Fixed #36478 -- Fixed inconsistent mail attachment handling. ... Fixed an inconsistency between EmailMessage.attach() and .attachments when attaching bytes content with a text/* mimetype. The attach() function decodes UTF-8 bytes if possible and otherwise changes the mimetype to application/octet-stream to preserve the content's unknown encoding (refs #27007). Providing equivalent content directly in EmailMessage.attachments did not apply the same logic, leading to an "AttributeError: 'bytes' object has no attribute 'encode'" in SafeMIMEText.set_payload(). Updated EmailMessage._create_mime_attachment() to match attach()'s handling for text/* mimetypes with bytes content. Updated test cases to accurately cover behavior on both paths.	2025-06-26 08:54:01 +02:00
michalpokusa	68a45d9a80	Fixed #36386 -- Added styles and icons for INFO and DEBUG messages in the admin.	2025-06-25 12:46:58 +02:00
Mariusz Felisiak	7091801e04	Fixed #36471 -- Added support for __coveredby GIS lookup and Collect, GeoHash, IsValid on MariaDB 12.0.1+.	2025-06-25 08:58:22 +02:00
Jacob Walls	b2407e4d7d	Fixed #35305 -- Avoided recreating constraints on fields renamed via db_column.	2025-06-23 14:06:14 +02:00
Tim Graham	54402a7529	Removed @skipIfDBFeature silencing of nonexistent features. ... Follow up to f5df7ed7e6.	2025-06-21 14:51:34 +02:00
Tim Graham	f5df7ed7e6	Removed @skipUnlessDBFeature silencing of nonexistent features. ... This was added in 46c7707e50 but is obsolete now that gis_tests are discovered separately. It's error-prone to ignore mistyped names.	2025-06-20 17:16:22 +02:00
Jacob Walls	8ede411a81	Fixed #36152 -- Deprecated use of "%" in column aliases. ... Unintentional support existed only on SQLite and Oracle.	2025-06-20 08:25:22 +02:00
Jacob Walls	56f468681a	Refs #35038 -- Reduced CreateModel/AlterConstraint operations when optimizing migrations.	2025-06-19 12:22:23 +02:00
Jake Howard	bc1bfe12b6	Clarified that only latest dependency versions are valid for security reports.	2025-06-18 11:04:34 -03:00
haileyajohnson	22506b2c16	Fixed #36465, Refs #35816 -- Disallowed '+' and '-' characters in template variable names. ... Regression in 5183f7c287. Thank you to Jon Banafato and Baptiste Mispelon for the report.	2025-06-18 14:04:39 +02:00
Lukas Komischke	db4d65f8be	Fixed #36467 -- Removed leading whitespaces from Set-Cookie header values in WSGIHandler. ... This also aligned the Set-Cookie logic in the WSGIHandler and ASGIHandler. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-06-18 11:25:14 +02:00
Sarah Boyce	1cd91d5d4b	Refs #36467 -- Added test for Set-Cookie header values in ASGIHandler.	2025-06-18 11:25:14 +02:00
michalpokusa	1520870c4a	Fixed #36437 -- Improved accessibility of messages in admin.	2025-06-18 08:37:44 +02:00
Clifford Gama	74b31cd26b	Fixed #32770 -- Added system check to ensure django.contrib.postgres is installed when using its features. ... Added postgres.E005 to validate 'django.contrib.postgres' is in INSTALLED_APPS when using: * PostgreSQL-specific fields (ArrayField, HStoreField, range fields, SearchVectorField), * PostgreSQL indexes (PostgresIndex and all subclasses), and * ExclusionConstraint The check provides immediate feedback during system checks rather than failing later with obscure runtime and database errors. Thanks to Simon Charette and Sarah Boyce for reviews.	2025-06-18 08:36:49 +02:00
nessita	8c56e93975	Refs #36009 -- Added GitHub action workflow to run tests with latest stable postgis version.	2025-06-17 15:25:47 -03:00
nessita	0f60102444	Added guidance on AI-assisted security reports to docs/internals/security.txt. ... Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: Mike Edmunds <medmunds@gmail.com>	2025-06-17 11:45:03 -03:00
Natalia	d6e0c71017	Refs #36380 -- Replaced mocked logging assertions in tests/backends/tests.py.	2025-06-16 17:41:24 -03:00
Natalia	1a03a984ab	Fixed #36380 -- Deferred SQL formatting when running tests with --debug-sql. ... Thanks to Jacob Walls for the report and previous iterations of this fix, to Simon Charette for the logging formatter idea, and to Tim Graham for testing and ensuring that 3rd party backends remain compatible. This partially reverts d8f093908c. Refs #36112, #35448. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-06-16 17:41:24 -03:00
Clifford Gama	104cbfd44b	Fixed #36453 -- Made When.condition resolve with for_save=False. ... Value(None, JSONField()) when used in When.condition incorrectly resolved with for_save=True, resulting in the value being serialized as SQL NULL instead of JSON null. Regression in c1fa3fdd04. Thanks to Thomas McKay for the report, and to David Sanders and Simon Charettes for the review. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-06-16 10:40:29 +02:00
Jake Howard	12c1557060	Fixed #36447 -- Selected preferred media type based on quality. ... When matching which entry in the `Accept` header should be used for a given media type, the specificity matters. However once those are resolved, only the quality matters when selecting preference. Regression in c075508b4d. Thank you to Anders Kaseorg for the report.	2025-06-16 09:25:25 +02:00
Sarah Boyce	8e2249bc79	Corrected jsonfield fieldlookup references.	2025-06-13 09:50:56 +02:00
Colleen Dunlap	830e69a868	Fixed #36433 -- Fixed constraint validation crash when condition uses a ForeignKey attname. ... Regression in e44e8327d3. Thank you to Jacob Walls for the report. Co-authored-by: Simon Charette <charette.s@gmail.com>	2025-06-13 08:50:25 +02:00
Tim Graham	3306b7283b	Refs #35676 -- Added supports_table_check_constraints skip to model_forms tests.	2025-06-13 08:11:04 +02:00
Claude Paroz	f2f6046c0f	Fixed #25706 -- Refactored geometry widgets to remove inline JavaScript. ... Refactored GIS-related JavaScript initialization to eliminate inline scripts from templates. Added support for specifying a base layer using the new `base_layer_name` attribute on `BaseGeometryWidget`, allowing custom map tile providers via user-defined JavaScript. As a result, the `gis/openlayers-osm.html` template was removed. Thanks Sarah Boyce for reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>	2025-06-12 17:35:14 -03:00
Sulove Bista	e80b33ae4d	Fixed #36463 -- Fixed grammar in docs/intro/contributing.txt.	2025-06-12 15:14:15 -03:00
ruvilonix	f5cb757a67	Fixed #36454 -- Fixed typo in docs/intro/tutorial08.txt.	2025-06-12 09:55:30 +02:00
viliam mihalik	bd65e82831	Fixed #36442 -- Cloned FilteredRelation before rename_prefix_from_q.	2025-06-12 08:36:54 +02:00
Clifford Gama	95a5c9b794	Made minor grammar and punctuation fixes in docs/topics/migrations.txt.	2025-06-11 12:52:26 -03:00
Adam Johnson	75cd4fc8e3	Removed default value for app_configs in system check functions. ... The documentation[0] encourages users to write functions without a default for `app_configs`, and checks are always passed the argument. [0] https://docs.djangoproject.com/en/5.2/topics/checks/	2025-06-11 12:46:28 -03:00
Jericho Serrano	1960ecd879	Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with msgfmt 0.25.	2025-06-11 17:09:16 +02:00
junghwan16	091f66e51a	Fixed #36425 -- Standardized integer fields descriptions.	2025-06-11 09:59:00 +02:00
Sarah Boyce	2714bc3f2c	Added follow-up to CVE-2025-48432 to security archive.	2025-06-10 15:08:30 +02:00
Sarah Boyce	7fcc7b1a0c	Added stub release notes for 5.2.4.	2025-06-10 12:29:28 +02:00
nakano	aafe320712	Fixed #36448 -- Fixed GeoDjango spelling in test_commands.py docstrings.	2025-06-10 09:50:21 +02:00
Jacob Walls	76e1ca77bc	Refs #373 -- Doc'd that on_delete is ignored for ForeignObject.	2025-06-10 09:44:40 +02:00
Jacob Walls	5942754769	Fixed #36449 -- Fixed field types in example model using ForeignObject.	2025-06-10 09:44:40 +02:00
Mariusz Felisiak	f5441e42da	Refs #36419 -- Fixed BulkUpdateTests.test_json_field_sql_null() crash on Oracle. ... Follow up to c1fa3fdd04.	2025-06-10 08:40:47 +02:00
Jacob Walls	a68e8565cd	Refs #34378, #36143, #36416 -- Fixed isolation of LookupTests.test_in_bulk_preserve_ordering_with_batch_size(). ... `max_query_params` is a property, so it must be patched on the class.	2025-06-09 17:40:22 -03:00