14220 commits

Author	SHA1	Message	Date
Jonathan Biemond	b172cbdf33	Fixed #36808 -- Required name argument in UniqueConstraint signature. ... By trading ValueError for TypeError for omitted name arguments, we gain a little clarity.	2025-12-19 09:48:15 -05:00
Samriddha9619	73c987eb3b	Fixed #36701 -- Fixed memory leak in ModelState.	2025-12-18 17:53:24 -05:00
Mariusz Felisiak	4702b36120	Fixed #27380 -- Added "raw" argument to m2m_changed signals.	2025-12-17 18:37:18 +01:00
varunkasyap	0d8548e583	Fixed #36747 -- Parsed weeks from ISO 8601 format in parse_duration().	2025-12-17 10:19:05 -05:00
Clifford Gama	6cc1231285	Fixed #36800 -- Restored ManyToManyField renaming in BaseDatabaseSchemaEditor.alter_field(). ... Regression in f9a44cc0fa. Now that ManyToManyField is no longer concrete the decision of whether or not it should be altered, which is also relied on by field renaming, should take into consideration name changes even if it doesn't have a column associated with it, as auto-created many-to-many relationship table names are a base of it. Note that there is room for optimization here where a rename can be entirely avoided if ManyToManyField.db_table remains stable between .name changes, just like we do with Field.db_column remaining stable, but since this is a regression and meant to be backported the current patch focuses on correctness over further improvements. Thanks Josik for the report. Co-authored-by: Simon Charette <charette.s@gmail.com>	2025-12-16 17:45:34 -05:00
Mridul Dhall	d1a4979fa5	Fixed #36594 -- Improved UniqueConstraint's nulls_distinct system check message. ... Clarified that the nulls_distinct argument is not supported, as opposed to certain values for the argument. Thanks Russell Owen for the report.	2025-12-16 15:06:10 -05:00
Marc Gibbons	922c4cf972	Fixed #36783 -- Ensured proper handling of multi-value QueryDicts in querystring template tag. ... Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>	2025-12-15 18:58:41 -03:00
Jacob Walls	0071cb1efd	Refs #36652 -- Avoided missing imports in a temporary file generated in a migration test.	2025-12-15 15:24:57 -05:00
Michal Mládek	2ce5cb0f7a	Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping. ... Co-authored-by: Simon Charette <charette.s@gmail.com>	2025-12-15 15:23:51 -05:00
Mariusz Felisiak	0174a85770	Fixed #36765 -- Added support for stored GeneratedFields on Oracle 23ai/26ai (23.7+). ... Thanks Jacob Walls for the review.	2025-12-13 16:38:04 +01:00
Lily Acorn	e95468ed97	Refs #36735 -- Supported shift parameter for UUID7 on PostgreSQL.	2025-12-12 11:50:36 -05:00
Lily Acorn	accceec949	Fixed #36735 -- Added UUID4 and UUID7 database functions. ... Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>	2025-12-12 11:17:08 -05:00
Pravin Kamble	dae08cf55b	Fixed #36769 -- Avoided visiting deeply nested nodes in XML deserializer. ... Only children at one level of depth need to be visited. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-12-11 12:38:04 -05:00
Jacob Walls	cd6278c4c0	Refs #27890 -- Avoided overwriting TMPDIR in runtests.py under forkserver mode. ... This variable should only be set once. Under forkserver, this module was getting executed multiple times, causing nested temporary dirs that didn't clean up properly, raising FileNotFoundError. This similar to #27890 although a slightly different cause.	2025-12-11 12:10:52 -05:00
Jacob Walls	7b80b21863	Refs #36499 -- Adjusted test_strip_tags following Python behavior change for incomplete entities.	2025-12-11 11:28:49 -05:00
Clifford Gama	7b54ddd5e6	Refs #36025 -- Made get_prep_lookup() pass output_field when wrapping direct values in Value. ... Previously, only strings were supplied with an output_field when wrapping direct value iterable elements in Value expressions for ExpressionList. This caused problems for __in lookups on JSONField when using expressions alongside direct values, as JSONField values can have different types which need to be adapted by the field's get_db_prep_value(). Refs #36689. Thanks Jacob Walls for the review.	2025-12-10 17:45:51 -05:00
Clifford Gama	9b8e4c6d7d	Refs #36689 -- Serialized JSONIn rhs parameters wrapped in Value expressions.	2025-12-10 17:45:51 -05:00
Clifford Gama	66fed37ecb	Fixed #36689 -- Fixed top-level JSONField __in lookup failures on MySQL and Oracle. ... Added a JSONIn lookup to handle correct serialization and extraction for JSONField top-level __in queries on backends without native JSON support. KeyTransformIn now subclasses JSONIn. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Thanks Jacob Walls for the report and review.	2025-12-10 17:45:51 -05:00
Tim Graham	bbabbac936	Added tests for MultiPointField, MultiLineStringField, and GeometryCollectionField.	2025-12-09 20:07:20 -05:00
Jake Howard	0ac548635e	Fixed #36728 -- Validated template tag arguments at definition time. ... Before, `context` and `content` were validated at compile time.	2025-12-05 10:06:48 -05:00
Clifford Gama	55888655a2	Fixed #36722 -- Moved AutoFieldMixin validate_autopk_value() check to get_db_prep_save. ... The validation in validate_autopk_value is specific to saving. Having it in get_db_prep_value caused Value(0, AutoField()) to fail unexpectedly when used in a filter on MySQL. Thanks Jacob Walls for the review.	2025-12-05 09:35:15 -05:00
Chaitanya	16252e6907	Fixed #36367 -- Added a label to the date_hierarchy in admin changelist. ... Thanks Sarah Boyce for the implementation idea.	2025-12-05 09:33:42 -05:00
Tim Graham	17d644c8e2	Added DatabaseFeatures.prohibits_dollar_signs_in_column_aliases. ... This is also applicable on CockroachDB.	2025-12-04 11:37:22 -05:00
Jacob Walls	bd4a562a88	Closed pool when parallel test runner encounters unpicklable exceptions.	2025-12-03 16:04:22 -05:00
rimi0108	93540b34d4	Fixed #35729 -- Enabled natural key serialization opt-out for subclasses. ... Refactored serialization logic to allow models inheriting a natural_key() method (e.g. AbstractBaseUser) to explicitly opt out of natural key serialization by returning an empty tuple from the method. Thanks Jonas Dittrich for the report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-12-03 15:04:52 -05:00
Skyiesac	d338c2243f	Fixed #36280 -- Replaced exception checks with assertRaisesMessage().	2025-12-03 09:18:10 -05:00
Shai Berger	50efb718b3	Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation in XML serializer. ... Previously, `getInnerText()` recursively used `list.extend()` on strings, which added each character from child nodes as a separate list element. On deeply nested XML content, this caused the overall deserialization work to grow quadratically with input size, potentially allowing disproportionate CPU consumption for crafted XML. The fix separates collection of inner texts from joining them, so that each subtree is joined only once, reducing the complexity to linear in the size of the input. These changes also include a mitigation for a xml.dom.minidom performance issue. Thanks Seokchan Yoon (https://ch4n3.kr/) for report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>	2025-12-02 09:21:07 -03:00
Jacob Walls	5b90ca1e75	Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL injection in column aliases on PostgreSQL. ... Follow-up to CVE-2025-57833. Thanks Stackered for the report, and Simon Charette and Mariusz Felisiak for the reviews.	2025-12-02 09:21:07 -03:00
Νικόλαος-Διγενής Καραγιάννης	cb1d2854ed	Refs #35444 -- Fixed typo in PostgreSQL StringAgg deprecation warning.	2025-12-02 11:49:20 +01:00
Jacob Walls	34186e731c	Fixed #36712 -- Evaluated type annotations lazily in template tag registration. ... Ideally, this will be reverted when an upstream solution is available for https://github.com/python/cpython/issues/141560. Thanks Patrick Rauscher for the report and Augusto Pontes for the first iteration and test.	2025-12-01 20:48:54 -05:00
Jacob Walls	e94b19f6ab	Refs #35535 -- Used intended decorator in test_simple_block_tag_parens().	2025-12-01 08:38:27 -05:00
varunkasyap	a8cf8c292c	Fixed #36743 -- Increased URL max length enforced in HttpResponseRedirectBase. ... Refs CVE-2025-64458. The previous limit of 2048 characters reused the URLValidator constant and proved too restrictive for legitimate redirects to some third-party services. This change introduces a separate `MAX_URL_REDIRECT_LENGTH` constant (defaulting to 16384) and uses it in HttpResponseRedirectBase. Thanks Jacob Walls for report and review.	2025-11-26 17:17:46 -03:00
Jacob Walls	a08f1693f3	Closed temporary files in OverwritingStorageTests.test_save_overwrite_behavior_temp_file().	2025-11-26 07:47:26 -05:00
David Smith	d86802f13f	Fixed #35783 -- Added NumDimensions GIS database function and __num_dimensions lookup.	2025-11-25 10:10:06 +01:00
Tim Graham	e3d8f557ff	Refs #21961 -- Added required_db_features to delete's RelatedDbOptionParent.	2025-11-25 09:03:17 +01:00
Jake Howard	d08ae991a8	Corrected assertions for True/False results in tests/auth_tests/test_handlers.py.	2025-11-24 16:39:27 -03:00
Simon Charette	2a6e0bd72d	Fixed #36751 -- Fixed empty filtered aggregation crash over annotated queryset. ... Regression in b8e5a8a9a2. Refs #36404. The replace_expressions method was innapropriately dealing with falsey but not None source expressions causing them to also be potentially evaluated when __bool__ was invoked (e.g. QuerySet.__bool__ evaluates the queryset). The changes introduced in b8e5a8a9a2, which were to deal with a similar issue, surfaced the problem as aggregation over an annotated queryset requires an inlining (or pushdown) of aggregate references which is achieved through replace_expressions. In cases where an empty Q object was provided as an aggregate filter, such as when the admin facetting feature was used as reported, it would wrongly be turned into None, instead of an empty WhereNode, causing a crash at aggregate filter compilation. Note that the crash signature differed depending on whether or not the backend natively supports aggregate filtering (supports_aggregate_filter_clause) as the fallback, which makes use Case / When expressions, would result in a TypeError instead of a NoneType AttributeError. Thanks Rafael Urben for the report, Antoliny and Youngkwang Yang for the triage.	2025-11-24 12:14:38 +01:00
Tim Graham	57c50d8c19	Refs #21961 -- Added DatabaseFeatures.supports_on_delete_db_(cascade/null) feature flags. ... Needed on MongoDB. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>	2025-11-23 11:53:24 +01:00
David Smith	789b075447	Fixed #35774 -- Dropped support for GEOS 3.8. ... GEOS 3.8 (released Oct-2019) will be more than 5 years old when Django 6.1 is released (Aug-2026).	2025-11-22 12:20:00 +01:00
Jacob Walls	3f15935420	Refs #36705 -- Added coverage for multiple types of enclosing punctuation in urlize(). ... This case was inadvertently fixed in ad94446fcc.	2025-11-21 12:11:38 -05:00
Mariusz Felisiak	be0620b49f	Refs #36031 -- Added tests of DecimalRangeField __contains lookup with unbounded decimal ranges. ... Co-authored-by: Aman Sharma <210100011@iitb.ac.in>	2025-11-21 17:55:28 +01:00
Chris Wesseling	5834643f43	Fixed #36748 -- Filtered non-standard placeholders from UNNEST queries.	2025-11-20 17:22:46 -05:00
kihuni	b1a65eac7c	Fixed #36321 -- Defaulted suggest_on_error=True in management commands. ... Python 3.15 defaults suggest_on_error=True, but the feature is available from 3.14, so this change opts in earlier. This change can be reverted when Python 3.15 is the minimum supported version.	2025-11-20 15:40:07 -05:00
farthestmage	0741987568	Fixed #36737 -- Escaped further control characters in escapejs.	2025-11-20 09:35:59 -05:00
Mariusz Felisiak	97acd4d2f9	Fixed #26609 -- Extended fields.E004 system check for unordered iterables. ... Co-authored-by: Karl Wooster <karl.wooster@alleima.com>	2025-11-19 08:22:44 +01:00
varunkasyap	e05f2a7569	Fixed #36733 -- Escaped attributes in Stylesheet.__str__(). ... Thanks Mustafa Barakat for the report, Baptiste Mispelon for the triage, and Jake Howard for the review.	2025-11-18 17:15:30 -05:00
Georgi Yanchev	b07298a73a	Fixed #36141 -- Checked for applied replaced migrations recursively. ... Regression in 64b1ac7292.	2025-11-18 08:10:25 -05:00
Mariusz Felisiak	1ce6e78dd4	Fixed #24920 -- Added support for DecimalField with no precision. ... Thanks Lily for the review.	2025-11-17 13:43:47 +01:00
Mariusz Felisiak	35f86b641a	Refs #24928 -- Added introspection support for PostgreSQL HStoreField.	2025-11-14 13:36:15 +01:00
Kasyap Pentamaraju	0eec2a163a	Fixed #36724 -- Removed invalid "for" attribute on <legend> tags.	2025-11-13 11:22:44 -05:00