34022 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Clifford Gama	c135be349d	Clarified "get_db_prep_value" default result in docs/ref/models/fields.txt.	2025-11-10 14:11:28 -03:00
Hong Xu	a4f7674134	Clarified EmailValidator docs to specify it validates an email address. ... Updated the EmailValidator docs in docs/ref/validators.txt to explicitly state that it validates an email address, to avoid confusion with validating email message content.	2025-11-10 12:51:51 -03:00
myoungjinGo	c4e07f94eb	Fixed #36420 -- Used actual SQLite limits in last_executed_query() quoting.	2025-11-07 16:41:57 -05:00
Kasyap Pentamaraju	1c7db70e79	Fixed #36705 -- Avoided string concatenation in utils. ... Repeated string concatenation performs poorly on PyPy. Thanks Seokchan Yoon for the report.	2025-11-07 14:06:42 -05:00
Thomas Grainger	2768747526	Fixed #36315 -- Used TaskGroup instead of asyncio.gather().	2025-11-07 13:17:25 -05:00
Thomas Grainger	2501958b51	Refs #36315 -- Replaced manual task and cancellation handling with TaskGroup in ASGIHandler.	2025-11-07 12:23:31 -05:00
Thomas Grainger	796cf3d325	Refs #36315 -- Used contextlib.closing() in ASGIHandler.handle().	2025-11-07 12:23:31 -05:00
Tim Schilling	5ef870fbc5	Removed community packages admonition from settings docs.	2025-11-06 15:50:59 -05:00
Tim Schilling	47ac64ed8b	Added community package email backends mention to docs. ... Co-authored-by: Clifford Gama <cliffygamy@gmail.com>	2025-11-06 15:50:59 -05:00
us77ipis	6d4d99b3ce	Fixed #36702 -- Made bulk_create() return pk values set by an expression.	2025-11-06 11:58:01 -05:00
Mehraz Hossain Rumman	125b63ca74	Fixed #36710 -- Fixed a regression in urlize for multipart domain names. ... Thanks Mehraz Hossain Rumman for the report and Bruno Alla for the triage. Regression in a9fe98d5bd.	2025-11-05 17:05:54 -05:00
Harsh Jain	dfcc662cf8	Fixed #36709 -- Included static methods in system check for UserModel.is_anonymous/is_authenticated methods.	2025-11-05 16:56:15 -05:00
Natalia	c5a107e824	Added CVE-2025-64458 and CVE-2025-64459 to security archive.	2025-11-05 11:17:12 -03:00
Natalia	6e18c078d5	Added stub release notes for 5.2.9.	2025-11-05 11:12:30 -03:00
Jacob Walls	3c3f463577	Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on dictionary expansion.	2025-11-05 09:20:57 -03:00
Jacob Walls	98e642c691	Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg. ... Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews.	2025-11-05 09:20:57 -03:00
Jacob Walls	c880530ddd	Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. ... Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210.	2025-11-05 09:20:57 -03:00
Hal Blackburn	74564946c3	Fixed #36704 -- Fixed system check error for proxy model with a composite pk. ... Proxy models subclassing a model with a CompositePrimaryKey were incorrectly reporting check errors because the check that requires only local fields to be used in a composite pk was evaluated against the proxy subclass, which has no fields. To fix this, composite pk field checks are not evaluated against proxy subclasses, as none of the checks are applicable to proxy subclasses. This also has the benefit of not double-reporting real check errors from an invalid superclass pk. Thanks Clifford Gama for the review.	2025-11-04 11:59:21 -05:00
Jayden Kneller	e27cff68a3	Fixed #36652 -- Increased determinism when loading migrations from disk. ... Ordering still depends on pkgutil.iter_modules, which does not guarantee order, but at least now Django is not introducing additional indeterminism, causing CircularDependencyError to appear or not appear in some edge cases. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-11-04 08:15:22 -05:00
ontowhee	eaf7b563a5	Updated ticket triage process diagram and contributing docs.	2025-11-04 09:38:03 -03:00
Augusto Pontes	8af79e2c0c	Fixed #36695 -- Fixed handling of parameterized generics in migration serialization. ... Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-11-03 20:45:48 -05:00
Mariusz Felisiak	05ba1a9228	Fixed #36661 -- Added introspection of database-level delete options.	2025-10-31 14:33:27 +01:00
Patrick Rauscher	6019147229	Fixed #36696 -- Fixed NameError when inspecting functions with deferred annotations. ... In Python 3.14, annotations are deferred by default, so we should not assume that the names in them have been imported unconditionally.	2025-10-31 08:44:37 -04:00
Tim Schilling	340e4f832e	Added community package storage backends mention to docs. ... Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-30 17:21:28 -04:00
Mariusz Felisiak	3939cd2795	Refs #36680 -- Fixed admin_scripts tests crash when black is not installed. ... Regression in 6436ec3210.	2025-10-30 08:38:17 -03:00
Clifford Gama	7fc9db1c6a	Refs #35381 -- Clarified key and index lookup handling of None in exact lookup docs.	2025-10-29 15:00:52 -04:00
Clifford Gama	348ca84538	Refs #35381 -- Deprecated using None in JSONExact rhs to mean JSON null. ... Key and index lookups are exempt from the deprecation. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-29 15:00:52 -04:00
Clifford Gama	be7f68422d	Refs #35381 -- Delegated ArrayField element prepping to base_field.get_db_prep_save. ... Previously, ArrayField always used base_field.get_db_prep_value when saving, which could differ from how base_field prepares data for save. This change overrides ArrayField.get_db_prep_save to delegate to the base_field's get_db_prep_save, ensuring elements like None in JSONField arrays are saved correctly as SQL NULL instead of JSON null.	2025-10-29 15:00:52 -04:00
Clifford Gama	adc25a9a66	Fixed #35381 -- Added JSONNull() expression. ... Thanks Jacob Walls for the review.	2025-10-29 15:00:52 -04:00
Jacob Walls	ab108bf94d	Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26.	2025-10-29 14:57:45 -03:00
Clifford Gama	01f8460653	Fixed #36329 -- Removed non-code custom link text when cross-referencing Python objects. ... Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-10-29 11:32:12 -04:00
Jacob Walls	1aa69a7491	Fixed #36678 -- Limited retries in ParallelTestRunner. ... Thanks Natalia Bidart for the review.	2025-10-29 09:11:31 -03:00
Jacob Walls	787cc96ef6	Refs #35972 -- Returned params in a tuple in further lookups.	2025-10-29 07:38:20 -04:00
Jacob Walls	43933a1dca	Reverted "Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping." ... This reverts commit ea3a71c2d0. The implementation was flawed, as self.group_by contains Cols, not aliases.	2025-10-28 11:40:01 -04:00
Mariusz Felisiak	9ba3f74a46	Fixed #36596 -- Made parallel test runner respect django_test_skips and django_test_expected_failures.	2025-10-28 10:55:49 -04:00
Jacob Walls	6436ec3210	Fixed #36680 -- Parametrized formatter discovery in AdminScriptTestCase.	2025-10-28 08:02:10 -04:00
Michal Mládek	ea3a71c2d0	Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping. ... Co-authored-by: Simon Charette <charette.s@gmail.com>	2025-10-27 15:11:19 -04:00
Kasyap Pentamaraju	0ea01101c3	Fixed #36681 -- Removed English pluralization bias from example in docs/topics/i18n/translation.txt.	2025-10-27 14:41:53 -04:00
Mariusz Felisiak	c87daabbf3	Fixed #36624 -- Dropped support for MySQL < 8.4.	2025-10-27 15:05:23 +01:00
Matthew Shirley	4744e9939b	Fixed #36683 -- Added error message on QuerySet.update() following distinct(*fields).	2025-10-25 12:21:27 -04:00
Ken Nzioka	3ff32c50d1	Fixed #36674 -- Fixed memory leak in select_related().	2025-10-24 15:51:39 -04:00
Natalia	6fcbbe0b85	Fixed IntegrityError in bulk_create.tests.BulkCreateTransactionTests due to duplicate primary keys. ... Some tests in BulkCreateTransactionTests were inserting Country objects with hardcoded primary keys, which could conflict with existing rows (if the sequence value wasn't bumped by another test). Updated the tests to dynamically select an unused primary key instead. Thanks to Simon Charette for the exhaustive and enlightening review.	2025-10-24 11:33:40 -03:00
Annabelle Wiegart	7423918125	Fixed #35095 -- Clarified Swiss number formatting in docs/topics/i18n/formatting.txt. ... Co-authored-by: Ahmed Nassar <a.moh.nassar00@gmail.com>	2025-10-23 10:11:52 -04:00
Natalia	42d6e20feb	Made cosmetic edits to docs/releases/6.0.txt.	2025-10-22 15:37:52 -03:00
Mariusz Felisiak	5e2bbebed9	Refs #36664 -- Added Python 3.15 to daily builds.	2025-10-22 15:36:10 +02:00
Mariusz Felisiak	185b049e9e	Refs #36499 -- Made TestUtilsHtml.test_strip_tags() assume behavior change in X.Y.0 version for Python 3.14+. ... This also removes unsupported versions of Python from the test dict.	2025-10-22 10:04:38 +02:00
Jacob Walls	b6c9246d0a	Fixed #36677 -- Fixed scheduling of system checks in ParallelTestSuite workers. ... Running system checks in workers must happen after database aliases are set up. Regression in 606fc35279.	2025-10-21 22:54:20 -04:00
Mariusz Felisiak	548209e620	Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+. ... tblib 3.2+ makes exception subclasses with __init__() and the default __reduce__() picklable. This broke the test for RemoteTestResult._confirm_picklable(), which expects a specific exception to fail unpickling. https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21 This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj)) raises TypeError. Refs #27301. This preserves the intent of the regression test from 52188a5ca6 without skipping it.	2025-10-21 23:10:31 -03:00
Adam Johnson	a0323a0c44	Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware.	2025-10-21 10:45:12 -04:00
YashRaj1506	9bb83925d6	Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND. ... Migrated `WSGIRequestHandler.log_message()` to use a more robust `log_message()` helper, which was based of `log_response()` via factoring out the common bits. Refs CVE-2025-48432. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>	2025-10-20 16:21:32 -03:00