Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.2.16
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.2.17
Choose a head ref
  • 10 commits
  • 13 files changed
  • 5 contributors

Commits on Sep 3, 2024

  1. [4.2.x] Post-release version bump.

    @nessita
    nessita committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    8f6c362 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Added CVE-2024-45230 and CVE-2024-45231 to security archive. 

    Backport of aa52930 from main.
    @nessita
    nessita committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    5211677 View commit details
    Browse the repository at this point in the history

Commits on Oct 9, 2024

  1. [4.2.x] Added GitHub Action workflow to test all Python versions list… 

    …ed in the project config file.

Backport of 470f4c2 from main.
    @nessita
    nessita authored Oct 9, 2024
    Configuration menu
    Copy the full SHA
    345a665 View commit details
    Browse the repository at this point in the history

Commits on Oct 30, 2024

  1. [4.2.x] Refs #35844 -- Expanded compatibility for expected error mess… 

    …ages in command tests on Python 3.12.

Updated CommandTests.test_subparser_invalid_option and CommandDBOptionChoiceTests.test_invalid_choice_db_option to use assertRaisesRegex() for compatibility with modified error messages in Python 3.12, 3.13, and 3.14+..

Backport of fc22fdd from main.
    @tainarapalmeira @sarahboyce
    tainarapalmeira authored and sarahboyce committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    ea4a1fb View commit details
    Browse the repository at this point in the history

Commits on Nov 26, 2024

  1. [4.2.x] Fixed docs build on Sphinx 8.1+. 

    Sphinx 8.1 added :cve: role, so there is no need to define it in Django:
- sphinx-doc/sphinx#11781

This also changes used URL to the one used by Python and soonish to be
used by Sphinx itself:
- sphinx-doc/sphinx#13006

Backport of 263f731 from main.
    @felixxm @nessita
    felixxm authored and nessita committed Nov 26, 2024
    Configuration menu
    Copy the full SHA
    b381b19 View commit details
    Browse the repository at this point in the history

Commits on Nov 27, 2024

  1. [4.2.x] Added stub release notes and release date for 4.2.17. 

    Backport of 2544c15 from main.
    @sarahboyce
    sarahboyce committed Nov 27, 2024
    Configuration menu
    Copy the full SHA
    0acff0f View commit details
    Browse the repository at this point in the history

Commits on Dec 3, 2024

  1. [4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to proper… 

    …ly validate IPv6 and IPvFuture addresses.

Refs Python CVE-2024-11168. Django should not affected, but others who
incorrectly use internal function _urlsplit() with unsanitized input
could be at risk.

python/cpython#103849
    @felixxm @sarahboyce
    felixxm authored and sarahboyce committed Dec 3, 2024
    Configuration menu
    Copy the full SHA
    f663277 View commit details
    Browse the repository at this point in the history

Commits on Dec 4, 2024

  1. [4.2.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags(). 

    Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart
for the reviews.
    @sarahboyce
    sarahboyce committed Dec 4, 2024
    Configuration menu
    Copy the full SHA
    790eb05 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed CVE-2024-53908 -- Prevented SQL injections in direct Ha… 

    …sKeyLookup usage on Oracle.

Thanks Seokchan Yoon for the report, and Mariusz Felisiak and Sarah
Boyce for the reviews.
    @charettes @sarahboyce
    charettes authored and sarahboyce committed Dec 4, 2024
    Configuration menu
    Copy the full SHA
    7376bcb View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Bumped version for 4.2.17 release.

    @sarahboyce
    sarahboyce committed Dec 4, 2024
    Configuration menu
    Copy the full SHA
    1f0356f View commit details
    Browse the repository at this point in the history
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy