32984 commits

Author SHA1 Message Date
nessita
37f6474380 [5.1.x] Fixed GitHub Action that checks commit prefixes to fetch PR head correctly.
Backport of 8499fba0e1 from main.
2025-07-16 15:37:35 -03:00
nessita
31045931aa [5.1.x] Added GitHub Action to enforce stable branch commit message prefix.
Backport of 10386fac00 from main.
2025-07-16 08:39:34 -03:00
Sarah Boyce
97c753741a [5.1.x] Added follow-up to CVE-2025-48432 to security archive.
Backport of 2714bc3f2c from main.
2025-06-10 15:15:14 +02:00
Sarah Boyce
353a6af6d9 [5.1.x] Post-release version bump.
2025-06-10 11:50:05 +02:00
Sarah Boyce
2285698fc1 [5.1.x] Bumped version for 5.1.11 release.
2025-06-10 11:47:54 +02:00
Jake Howard
31f4bd31fa [5.1.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response logging.
Migrated remaining response-related logging to use the `log_response()`
helper to avoid potential log injection, to ensure untrusted values like
request paths are safely escaped.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 9579517552 from main.
2025-06-06 09:09:06 -03:00
Natalia
363d256685 [5.1.x] Refs CVE-2025-48432 -- Made SuspiciousOperation logging use log_response() for consistency.
Backport of ff835f439c from main.
2025-06-06 09:07:54 -03:00
Natalia
15e4df1d33 [5.1.x] Refactored logging_tests to reuse assertions for log records.
Backport of 9d72e7daf7 from main.
2025-06-06 09:07:48 -03:00
Natalia
976e34a2a5 [5.1.x] Added CVE-2025-48432 to security archive.
Backport of 51923c576a from main.
2025-06-04 10:58:49 -03:00
Natalia
400170b69e [5.1.x] Post-release version bump.
2025-06-04 08:49:22 -03:00
Natalia
23a853821b [5.1.x] Bumped version for 5.1.10 release.
2025-06-04 08:46:54 -03:00
Natalia
596542ddb4 [5.1.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in log_response().
Suitably crafted requests containing a CRLF sequence in the request
path may have allowed log injection, potentially corrupting log files,
obscuring other attacks, misleading log post-processing tools, or
forging log entries.

To mitigate this, all positional formatting arguments passed to the
logger are now escaped using "unicode_escape" encoding.

Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report.

Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Jake Howard <git@theorangeone.net>

Backport of a07ebec559 from main.
2025-06-04 08:46:07 -03:00
Natalia
a70841bc03 [5.1.x] Added stub release notes and release date for 5.1.10 and 4.2.22.
Backport of 1a74434399 from main.
2025-05-28 10:19:23 -03:00
Jason Judkins
129750a807 [5.1.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625.
Backport of 1307b8a1cb from main.
2025-05-26 12:37:29 -03:00
Natalia
32a9cb2179 [5.1.x] Added helpers in csrf_tests and logging_tests to assert logs from log_response().
Backport of ad6f998898 from main.
2025-05-22 15:42:30 -03:00
Natalia
bb92acacac [5.1.x] Refs #26688 -- Added tests for log_response() internal helper.
Backport of 8970468159 from main.
2025-05-22 15:42:28 -03:00
Natalia
85bdeb31e2 [5.1.x] Refs #35980 -- Added release note about changes in release artifacts filenames.
Backport of 42ab99309d from main.
2025-05-09 13:31:53 -03:00
Natalia
503128a7d1 [5.1.x] Removed "Expected" from release date for 5.1.9 and 4.2.21.
Backport of c86156378d from main.
2025-05-09 13:30:58 -03:00
Natalia
73f70b5cc8 [5.1.x] Cleaned up CVE-2025-32873 security archive description.
Backport of 37f2a77c72 from main.
2025-05-07 11:37:34 -03:00
Natalia
05fab4e394 [5.1.x] Added CVE-2025-32873 to security archive.
Backport of fdabda4e05 from main.
2025-05-07 11:09:35 -03:00
Natalia
2eb42068c2 [5.1.x] Post-release version bump.
2025-05-06 22:35:14 -03:00
Natalia
db5c8a97bb [5.1.x] Bumped version for 5.1.9 release.
2025-05-06 22:32:13 -03:00
Sarah Boyce
0b42f6a528 [5.1.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags().
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
Howard for the reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 9f3419b519 from main.
2025-05-06 22:31:16 -03:00
Natalia
1520d18e9c [5.1.x] Added upcoming security release to release notes.
Backport of 0f5dd0dff3 from main.
2025-04-30 14:56:53 -03:00
nessita
660067f8e7 [5.1.x] Refs #36341 -- Added release notes for 5.1.9 and 4.2.21 for fix in wordwrap template filter.
Revision 1e9db35836 fixed a regression in
55d89e25f4, which also needs to be
backported to the stable branches in extended support (5.1.x and 4.2.x).

Backport of c86242d61f from main.
2025-04-23 17:30:05 -03:00
Matti Pohjanvirta
09a1813cb8 [5.1.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter.
Regression in 55d89e25f4.

This work improves the django.utils.text.wrap() function to ensure that
empty lines and lines with whitespace only are kept instead of being
dropped.

Thanks Matti Pohjanvirta for the report and fix.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 1e9db35836 from main.
2025-04-23 17:29:29 -03:00
Mariusz Felisiak
0aa0224107 [5.1.x] Fixed warnings per flake8 7.2.0.
https://github.com/PyCQA/flake8/releases/tag/7.2.0

Backport of 281910ff8e from main.
2025-04-23 09:37:33 -03:00
nessita
3215e2a232 [5.1.x] Pinned isort version to "<6.0.0" to avoid undesired reformat.
Backport of 0671a461c4 from main.
2025-04-23 08:54:10 -03:00
Baptiste Mispelon
af6d305fc7 [5.1.x] Fixed #36320 -- Ignored "duplicated_toc_entry" for ePub docs build.
Backport of ac16d2876d from main
2025-04-12 19:40:16 +02:00
Sarah Boyce
39b144badd [5.1.x] Fixed #36298 -- Truncated the overwritten file content in file_move_safe().
Regression in 58cd4902a7.

Thanks Baptiste Mispelon for the report.

Backport of 8ad3e80e88 from main.
2025-04-07 16:15:25 +02:00
Nick Pope
bbf376bbc8 [5.1.x] Fixed #35980 -- Updated setuptools to normalize package names in built artifacts.
Backport of 3ae049b26b from main.
2025-04-03 12:38:49 -03:00
Sarah Boyce
be13608613 [5.1.x] Added CVE-2025-27556 to security archive.
Backport of b83dab7d8d from main.
2025-04-02 13:33:19 +02:00
Sarah Boyce
ac90c54a86 [5.1.x] Post-release version bump.
2025-04-02 10:39:38 +02:00
Sarah Boyce
5773bc9cf9 [5.1.x] Bumped version for 5.1.8 release.
2025-04-02 10:29:55 +02:00
Sarah Boyce
edc2716d01 [5.1.x] Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows.
Thank you sw0rd1ight for the report.

Backport of 39e2297210 from main.
2025-04-02 10:28:26 +02:00
Babak Mahmoudy
b3b09dc6ce [5.1.x] Fixed #36213 -- Doc'd MySQL's handling of self-select updates in QuerySet.update().
Co-authored-by: Andro Ranogajec <ranogaet@gmail.com>

Backport of be1b776ad8 from main.
2025-04-02 08:48:02 +02:00
Clifford Gama
3fdc8c31da [5.1.x] Clarified pre_delete and post_delete's origin attributes.
Backport of 9d5d0e8135 from main.
2025-03-31 16:13:06 +02:00
Carlton Gibson
5805d1c346 [5.1.x] Simplified Intersphinx configuration example.
docs.djangoproject.com had been updated to serve the object.inv file
from the default location, so the second tuple element can be None
(the "default" value).

Backport of 5df512e53a from main.
2025-03-28 09:38:46 +01:00
Carlton Gibson
31262b37d4 [5.1.x] Doc'd how to use Intersphinx in the reusable apps tutorial.
Backport of 6e54e20cc3 from main.
2025-03-27 17:37:46 +01:00
Sarah Boyce
451ba1f3cf [5.1.x] Added stub release notes and release date for 5.1.8 and 5.0.14.
Backport of c75fbe8430 from main.
2025-03-26 09:04:34 +01:00
Sarah Boyce
e38a80773d [5.1.x] Pinned black == 24.10.0 in GitHub actions, pre-commit and test requirements.
2025-03-25 14:11:32 -03:00
dr-rompecabezas
3266f2516c [5.1.x] Updated ogrinfo output in GIS tutorial.
Backport of fb65c52040 from main
2025-03-23 21:36:57 +01:00
mguegnol
659f88e4c9 [5.1.x] Fixed typo in docs/topics/signals.txt.
Backport of e2b9a17913 from main
2025-03-23 20:06:39 +01:00
Sarah Boyce
f581b0b5c2 [5.1.x] Documented the updating of translation catalogs in post-release tasks.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 922c1c732a from main.
2025-03-21 14:56:44 +01:00
Clifford Gama
f927c9f2aa [5.1.x] Fixed #36095 -- Introduced lazy references in "Models across files" section.
Backport of 6a2c296e70 from main.
2025-03-21 14:12:23 +01:00
Clifford Gama
bd8bbc8c1a [5.1.x] Refs #36095 -- Doc'd that ManyToManyField.through supports lazy relationships.
Backport of eb4ea9c3ef from main.
2025-03-21 14:11:55 +01:00
Carlton Gibson
ab4bb5b2f9 [5.1.x] Fixed #33497 -- Doc'd that persistent DB connections should be disabled in ASGI and async modes.
Backport of 8713e4ae96 from main.
2025-03-18 21:28:43 -03:00
Clifford Gama
e9acb05b63 [5.1.x] Fixed #36202 -- Added examples of JSONField __contains and __contained_by lookups with nested arrays to docs.
Backport of 304e9f3d6a from main
2025-03-18 21:56:20 +01:00
Clifford Gama
d05cf7c35f [5.1.x] Fixed #36078 -- Doc'd that Postgres normalizes a range field with no points to empty.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 611e7bc3a0 from main.
2025-03-18 16:53:01 +01:00
YQ
71558701df [5.1.x] Fixed #36254 -- Fixed template dictionary unpacking in docs/topics/i18n/timezones.txt.
Backport of 30e0a43937 from main.
2025-03-17 09:49:54 +01:00