mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 10:59:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
29559 commits 29 branches 451 tags 744 MiB
Commit graph

29559 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariusz Felisiak
3591e1c1ac [3.2.x] Added CVE-2024-27351 to security archive. 
Backport of da39ae4b5f from main
 2024-03-04 10:13:19 +01:00
Mariusz Felisiak
e64c7e8ac7 [3.2.x] Post-release version bump. 2024-03-04 08:50:38 +01:00
Mariusz Felisiak
c98eca322a [3.2.x] Bumped version for 3.2.25 release. 2024-03-04 08:48:18 +01:00
Shai Berger
072963e4c4 [3.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words(). 
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2024-03-04 08:37:38 +01:00
Mariusz Felisiak
2ad2676456 [3.2.x] Added release date for 3.2.25. 
Backport of 977d254169 from main
 2024-02-26 08:30:32 +01:00
Mariusz Felisiak
fc41af69a2 [3.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8.

Backport of 2f14c2cedc from main.
 2024-02-08 11:03:21 +01:00
Natalia
b9170b4a9e [3.2.x] Added CVE-2024-24680 to security archive. 
Backport of c650c1412d from main
 2024-02-06 12:17:11 -03:00
Natalia
e5350a931a [3.2.x] Post release version bump. 2024-02-06 10:39:23 -03:00
Natalia
f5c880857e [3.2.x] Bumped version for 3.2.24 release. 2024-02-06 10:32:27 -03:00
Adam Johnson
c1171ffbd5 [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
 2024-02-06 10:28:51 -03:00
Natalia
9dc345643e [3.2.x] Added stub release notes 3.2.24. 
Backport of 06d0a1bd56 from main
 2024-01-29 11:55:24 -03:00
Denys Halenok
90eae45b38
[3.2.x] Fixed documented alias of smart_text(). 2024-01-11 20:16:20 +01:00
Mariusz Felisiak
c9ad858033
[3.2.x] Pinned python-memcached == 1.59 in test requirements. 
python-memcached 1.60 made breaking changes, e.g. _deletetouch() has
been removed.
 2023-12-27 14:22:20 +01:00
Mariusz Felisiak
12b685c61f [3.2.x] Added CVE-2023-46695 to security archive. 
Backport of 7caf262183 from main
 2023-11-01 08:18:33 +01:00
Mariusz Felisiak
0059182643 [3.2.x] Post-release version bump. 2023-11-01 06:34:10 +01:00
Mariusz Felisiak
60e648a7ae [3.2.x] Bumped version for 3.2.23 release. 2023-11-01 06:31:51 +01:00
Mariusz Felisiak
f9a7fb8466 [3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
 2023-11-01 06:30:59 +01:00
Mariusz Felisiak
e6d2591d9e [3.2.x] Added stub release notes for 3.2.23. 
Backport of fdd1323b9c from main.
 2023-10-25 05:47:09 +02:00
Natalia
3c04b74293 [3.2.x] Added CVE-2023-43665 to security archive. 
Backport of 4e790271e3 from main
 2023-10-04 13:11:42 -03:00
Natalia
86a14d653f [3.2.x] Post release version bump. 2023-10-04 10:57:29 -03:00
Natalia
3106e94e52 [3.2.x] Bumped version for 3.2.22 release. 2023-10-04 10:34:56 -03:00
Natalia
ccdade1a02 [3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. 
Thanks Wenchao Li of Alibaba Group for the report.
 2023-10-04 09:41:12 -03:00
Natalia
6caf7b313d [3.2.x] Added stub release notes for 3.2.22. 
Backport of 24f1a38b37 from main.
 2023-09-27 14:34:57 -03:00
Mariusz Felisiak
9e814c3a5e [3.2.x] Added CVE-2023-41164 to security archive. 
Backport of 8a98768868 from main
 2023-09-04 13:18:49 +02:00
Mariusz Felisiak
4b439dcd05 [3.2.x] Post-release version bump. 2023-09-04 12:25:28 +02:00
Mariusz Felisiak
fd0ccd7fb3 [3.2.x] Bumped version for 3.2.21 release. 2023-09-04 12:23:57 +02:00
Mariusz Felisiak
6f030b1149 [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-09-04 12:23:18 +02:00
Mariusz Felisiak
73350a6369 [3.2.x] Added stub release notes for 3.2.21. 
Backport of 24f1a38b37 from main.
 2023-08-28 06:19:18 +02:00
David Smith
75418f8c0e [3.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+. 
Backport of b3e0170ab5 from main
 2023-08-03 09:38:10 +02:00
Mariusz Felisiak
848fe70f3e [3.2.x] Added CVE-2023-36053 to security archive. 
Backport of 1d6fbf16f2 from main
 2023-07-03 10:31:45 +02:00
Mariusz Felisiak
4012a87a58 [3.2.x] Post-release version bump. 2023-07-03 08:36:12 +02:00
Mariusz Felisiak
19bc11f636 [3.2.x] Bumped version for 3.2.20 release. 2023-07-03 08:33:38 +02:00
Mariusz Felisiak
454f2fb934 [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. 
Thanks Seokchan Yoon for reports.
 2023-07-03 08:32:26 +02:00
Mariusz Felisiak
07cc014cb3 [3.2.x] Added stub release notes for 3.2.20. 
Backport of 2360ba2274 from main
 2023-06-26 14:39:49 +02:00
Mariusz Felisiak
e1bbbbe6ac [3.2.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if Pillow isn't installed. 
Follow up to fb4c55d9ec.
Backport of fcfbf08abe from main
 2023-05-04 08:10:11 +02:00
Mariusz Felisiak
47ef12e69c [3.2.x] Added CVE-2023-31047 to security archive. 
Backport of 49830025c9 from main
 2023-05-03 15:22:32 +02:00
Mariusz Felisiak
15f90ebff3 [3.2.x] Post-release version bump. 2023-05-03 14:00:58 +02:00
Mariusz Felisiak
fc42edd2e6 [3.2.x] Bumped version for 3.2.19 release. 2023-05-03 13:59:19 +02:00
Mariusz Felisiak
eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-05-03 13:58:52 +02:00
Mariusz Felisiak
007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt. 2023-04-26 09:37:36 +02:00
Mariusz Felisiak
a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19. 
Backport of 18a7f2c711 from main
 2023-04-26 08:54:18 +02:00
Carlton Gibson
963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive. 
Backport of ecafcaf634 from main
 2023-02-14 09:57:00 +01:00
Carlton Gibson
e34a2283f2 [3.2.x] Post-release version bump. 2023-02-14 09:07:53 +01:00
Carlton Gibson
722e9f8a38 [3.2.x] Bumped version for 3.2.18 release. 2023-02-14 09:04:22 +01:00
Markus Holtermann
a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 
Thanks to Jakob Ackermann for the report.
 2023-02-07 10:39:25 +01:00
Carlton Gibson
932b5bd52d [3.2.x] Added stub release notes for 3.2.18. 
Backport of 7e003428f9 from main
 2023-02-07 10:14:53 +01:00
Mariusz Felisiak
c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive. 
Backport of 36e3eef7d5 from main
 2023-02-01 12:11:00 +01:00
Mariusz Felisiak
9bd8db3940 [3.2.x] Post-release version bump. 2023-02-01 10:00:34 +01:00
Mariusz Felisiak
aed1bb56d1 [3.2.x] Bumped version for 3.2.17 release. 2023-02-01 09:58:36 +01:00
Nick Pope
c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. 
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
 2023-02-01 09:48:18 +01:00