mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
32974 commits 29 branches 451 tags 693 MiB
Commit graph

32974 commits

This branch
This branch
All branches
Author SHA1 Message Date
Natalia
23a853821b [5.1.x] Bumped version for 5.1.10 release. 2025-06-04 08:46:54 -03:00
Natalia
596542ddb4 [5.1.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in log_response(). 
Suitably crafted requests containing a CRLF sequence in the request
path may have allowed log injection, potentially corrupting log files,
obscuring other attacks, misleading log post-processing tools, or
forging log entries.

To mitigate this, all positional formatting arguments passed to the
logger are now escaped using "unicode_escape" encoding.

Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report.

Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Jake Howard <git@theorangeone.net>

Backport of a07ebec559 from main.
 2025-06-04 08:46:07 -03:00
Natalia
a70841bc03 [5.1.x] Added stub release notes and release date for 5.1.10 and 4.2.22. 
Backport of 1a74434399 from main.
 2025-05-28 10:19:23 -03:00
Jason Judkins
129750a807 [5.1.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625. 
Backport of 1307b8a1cb from main.
 2025-05-26 12:37:29 -03:00
Natalia
32a9cb2179 [5.1.x] Added helpers in csrf_tests and logging_tests to assert logs from log_response(). 
Backport of ad6f998898 from main.
 2025-05-22 15:42:30 -03:00
Natalia
bb92acacac [5.1.x] Refs #26688 -- Added tests for log_response() internal helper. 
Backport of 8970468159 from main.
 2025-05-22 15:42:28 -03:00
Natalia
85bdeb31e2 [5.1.x] Refs #35980 -- Added release note about changes in release artifacts filenames. 
Backport of 42ab99309d from main.
 2025-05-09 13:31:53 -03:00
Natalia
503128a7d1 [5.1.x] Removed "Expected" from release date for 5.1.9 and 4.2.21. 
Backport of c86156378d from main.
 2025-05-09 13:30:58 -03:00
Natalia
73f70b5cc8 [5.1.x] Cleaned up CVE-2025-32873 security archive description. 
Backport of 37f2a77c72 from main.
 2025-05-07 11:37:34 -03:00
Natalia
05fab4e394 [5.1.x] Added CVE-2025-32873 to security archive. 
Backport of fdabda4e05 from main.
 2025-05-07 11:09:35 -03:00
Natalia
2eb42068c2 [5.1.x] Post-release version bump. 2025-05-06 22:35:14 -03:00
Natalia
db5c8a97bb [5.1.x] Bumped version for 5.1.9 release. 2025-05-06 22:32:13 -03:00
Sarah Boyce
0b42f6a528 [5.1.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags(). 
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
Howard for the reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 9f3419b519 from main.
 2025-05-06 22:31:16 -03:00
Natalia
1520d18e9c [5.1.x] Added upcoming security release to release notes. 
Backport of 0f5dd0dff3 from main.
 2025-04-30 14:56:53 -03:00
nessita
660067f8e7 [5.1.x] Refs #36341 -- Added release notes for 5.1.9 and 4.2.21 for fix in wordwrap template filter. 
Revision 1e9db35836 fixed a regression in
55d89e25f4, which also needs to be
backported to the stable branches in extended support (5.1.x and 4.2.x).

Backport of c86242d61f from main.
 2025-04-23 17:30:05 -03:00
Matti Pohjanvirta
09a1813cb8 [5.1.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter. 
Regression in 55d89e25f4.

This work improves the django.utils.text.wrap() function to ensure that
empty lines and lines with whitespace only are kept instead of being
dropped.

Thanks Matti Pohjanvirta for the report and fix.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 1e9db35836 from main.
 2025-04-23 17:29:29 -03:00
Mariusz Felisiak
0aa0224107 [5.1.x] Fixed warnings per flake8 7.2.0. 
https://github.com/PyCQA/flake8/releases/tag/7.2.0

Backport of 281910ff8e from main.
 2025-04-23 09:37:33 -03:00
nessita
3215e2a232 [5.1.x] Pinned isort version to "<6.0.0" to avoid undesired reformat. 
Backport of 0671a461c4 from main.
 2025-04-23 08:54:10 -03:00
Baptiste Mispelon
af6d305fc7 [5.1.x] Fixed #36320 -- Ignored "duplicated_toc_entry" for ePub docs build. 
Backport of ac16d2876d from main
 2025-04-12 19:40:16 +02:00
Sarah Boyce
39b144badd [5.1.x] Fixed #36298 -- Truncated the overwritten file content in file_move_safe(). 
Regression in 58cd4902a7.

Thanks Baptiste Mispelon for the report.

Backport of 8ad3e80e88 from main.
 2025-04-07 16:15:25 +02:00
Nick Pope
bbf376bbc8 [5.1.x] Fixed #35980 -- Updated setuptools to normalize package names in built artifacts. 
Backport of 3ae049b26b from main.
 2025-04-03 12:38:49 -03:00
Sarah Boyce
be13608613 [5.1.x] Added CVE-2025-27556 to security archive. 
Backport of b83dab7d8d from main.
 2025-04-02 13:33:19 +02:00
Sarah Boyce
ac90c54a86 [5.1.x] Post-release version bump. 2025-04-02 10:39:38 +02:00
Sarah Boyce
5773bc9cf9 [5.1.x] Bumped version for 5.1.8 release. 2025-04-02 10:29:55 +02:00
Sarah Boyce
edc2716d01 [5.1.x] Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows. 
Thank you sw0rd1ight for the report.

Backport of 39e2297210 from main.
 2025-04-02 10:28:26 +02:00
Babak Mahmoudy
b3b09dc6ce [5.1.x] Fixed #36213 -- Doc'd MySQL's handling of self-select updates in QuerySet.update(). 
Co-authored-by: Andro Ranogajec <ranogaet@gmail.com>

Backport of be1b776ad8 from main.
 2025-04-02 08:48:02 +02:00
Clifford Gama
3fdc8c31da [5.1.x] Clarified pre_delete and post_delete's origin attributes. 
Backport of 9d5d0e8135 from main.
 2025-03-31 16:13:06 +02:00
Carlton Gibson
5805d1c346 [5.1.x] Simplified Intersphinx configuration example. 
docs.djangoproject.com had been updated to serve the object.inv file
from the default location, so the second tuple element can be None
(the "default" value).

Backport of 5df512e53a from main.
 2025-03-28 09:38:46 +01:00
Carlton Gibson
31262b37d4 [5.1.x] Doc'd how to use Intersphinx in the reusable apps tutorial. 
Backport of 6e54e20cc3 from main.
 2025-03-27 17:37:46 +01:00
Sarah Boyce
451ba1f3cf [5.1.x] Added stub release notes and release date for 5.1.8 and 5.0.14. 
Backport of c75fbe8430 from main.
 2025-03-26 09:04:34 +01:00
Sarah Boyce
e38a80773d [5.1.x] Pinned black == 24.10.0 in GitHub actions, pre-commit and test requirements. 2025-03-25 14:11:32 -03:00
dr-rompecabezas
3266f2516c [5.1.x] Updated ogrinfo output in GIS tutorial. 
Backport of fb65c52040 from main
 2025-03-23 21:36:57 +01:00
mguegnol
659f88e4c9 [5.1.x] Fixed typo in docs/topics/signals.txt. 
Backport of e2b9a17913 from main
 2025-03-23 20:06:39 +01:00
Sarah Boyce
f581b0b5c2 [5.1.x] Documented the updating of translation catalogs in post-release tasks. 
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 922c1c732a from main.
 2025-03-21 14:56:44 +01:00
Clifford Gama
f927c9f2aa [5.1.x] Fixed #36095 -- Introduced lazy references in "Models across files" section. 
Backport of 6a2c296e70 from main.
 2025-03-21 14:12:23 +01:00
Clifford Gama
bd8bbc8c1a [5.1.x] Refs #36095 -- Doc'd that ManyToManyField.through supports lazy relationships. 
Backport of eb4ea9c3ef from main.
 2025-03-21 14:11:55 +01:00
Carlton Gibson
ab4bb5b2f9 [5.1.x] Fixed #33497 -- Doc'd that persistent DB connections should be disabled in ASGI and async modes. 
Backport of 8713e4ae96 from main.
 2025-03-18 21:28:43 -03:00
Clifford Gama
e9acb05b63 [5.1.x] Fixed #36202 -- Added examples of JSONField __contains and __contained_by lookups with nested arrays to docs. 
Backport of 304e9f3d6a from main
 2025-03-18 21:56:20 +01:00
Clifford Gama
d05cf7c35f [5.1.x] Fixed #36078 -- Doc'd that Postgres normalizes a range field with no points to empty. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 611e7bc3a0 from main.
 2025-03-18 16:53:01 +01:00
YQ
71558701df [5.1.x] Fixed #36254 -- Fixed template dictionary unpacking in docs/topics/i18n/timezones.txt. 
Backport of 30e0a43937 from main.
 2025-03-17 09:49:54 +01:00
Clifford Gama
8cb8820fbf [5.1.x] Fixed pronoun disagreement in docs/ref/models/querysets.txt. 
Backport of ef6a83789b from main.
 2025-03-14 10:51:30 +01:00
Clifford Gama
67fc5805db [5.1.x] Corrected aggregation example in docs/ref/models/querysets.txt. 
Backport of 3235e76eb5 from main.
 2025-03-14 10:50:54 +01:00
hesham hatem
d752ec8259 [5.1.x] Fixed #36249 -- Fixed typo in docs/topics/db/queries.txt. 
Backport of e03440291b from main.
 2025-03-12 18:10:11 -03:00
Adam Johnson
cfc33d146e [5.1.x] Fixed #36234 -- Restored single_object argument to LogEntry.objects.log_actions(). 
Thank you Adam Johnson for the report and fix. Thank you Sarah Boyce for
your spot on analysis.

Regression in c09bceef68, which is
partially reverted in this branch.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 27b68bcadf from main.
 2025-03-12 16:39:14 -03:00
samruddhiDharankar
ccd5867ae6 [5.1.x] Fixed #36066 -- Documented that Q objects can be used directly in annotations. 
Backport of 9120a19c4e from main.
 2025-03-10 12:57:37 +01:00
Sarah Boyce
74d41970af [5.1.x] Added CVE-2025-26699 to security archive. 
Backport of bad1a18ff2 from main.
 2025-03-06 14:07:09 +01:00
Sarah Boyce
4b2ddd015a [5.1.x] Added stub release notes for 5.1.8. 
Backport of 193e3446e3 from main.
 2025-03-06 13:33:23 +01:00
Sarah Boyce
be80d7aa9f [5.1.x] Post-release version bump. 2025-03-06 09:50:56 +01:00
Sarah Boyce
691e945530 [5.1.x] Bumped version for 5.1.7 release. 2025-03-06 09:44:13 +01:00
Sarah Boyce
8dbb44d342 [5.1.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. 
Thanks sw0rd1ight for the report.

Backport of 55d89e25f4 from main.
 2025-03-06 09:42:06 +01:00