Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.2.13
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.2.15
Choose a head ref
  • 17 commits
  • 24 files changed
  • 8 contributors

Commits on May 7, 2024

  1. [4.2.x]Post-release version bump.

    @nessita
    nessita committed May 7, 2024
    Configuration menu
    Copy the full SHA
    d26c883 View commit details
    Browse the repository at this point in the history

Commits on Jul 3, 2024

  1. [4.2.x] Added stub release notes for 4.2.14.

    @nessita
    nessita committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    446cdab View commit details
    Browse the repository at this point in the history

Commits on Jul 9, 2024

  1. [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and… 

    … urlizetrunc template filters.

Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <[email protected]>
    @adamchainz @sarahboyce @nessita
    2 people authored and nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    79f3687 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password… 

    …() when checking unusuable passwords.

Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
    @manfre @nessita
    manfre authored and nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    156d318 View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in S… 

    …torage's save method.

Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
    @nessita
    nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    2b00edc View commit details
    Browse the repository at this point in the history

  4. [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_suppor… 

    …ted_language_variant().

Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
    @sarahboyce @nessita
    sarahboyce authored and nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    17358fb View commit details
    Browse the repository at this point in the history

  5. [4.2.x] Bumped version for 4.2.14 release.

    @nessita
    nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    98cf264 View commit details
    Browse the repository at this point in the history

  6. [4.2.x] Post-release version bump.

    @nessita
    nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    72f6c7d View commit details
    Browse the repository at this point in the history

  7. [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE… 

    …-2024-39614 to security archive.

Backport of e095c76 from main.
    @nessita
    nessita committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    8e59e33 View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2024

  1. [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.

    @felixxm @sarahboyce
    felixxm authored and sarahboyce committed Jul 11, 2024
    Configuration menu
    Copy the full SHA
    c5d196a View commit details
    Browse the repository at this point in the history

Commits on Jul 25, 2024

  1. [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled… 

    … ValueError in get_supported_language_variant().

LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e97922.

Backport of 0e94f29 from main.
    @lorinkoz @sarahboyce
    lorinkoz authored and sarahboyce committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    96a3497 View commit details
    Browse the repository at this point in the history

Commits on Jul 31, 2024

  1. [4.2.x] Added stub release notes and release date for 4.2.15. 

    Backport of 3f88089 from main.
    @sarahboyce
    sarahboyce committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    7b1a76f View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumptio… 

    …n in floatformat.

Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <[email protected]>
    @sarahboyce @shaib
    sarahboyce and shaib committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    fc76660 View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and… 

    … urlizetrunc template filters.

Thanks to MProgrammer for the report.
    @sarahboyce
    sarahboyce committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    d0a82e2 View commit details
    Browse the repository at this point in the history

  4. [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.u… 

    …tils.html.urlize() and AdminURLFieldWidget.

Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <[email protected]>
    @felixxm @sarahboyce
    felixxm and sarahboyce committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    efea1ef View commit details
    Browse the repository at this point in the history

  5. [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injec… 

    …tion attacks against JSON fields.

Thanks Eyal (eyalgabay) for the report.
    @charettes @sarahboyce
    charettes authored and sarahboyce committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    f4af67b View commit details
    Browse the repository at this point in the history

Commits on Aug 6, 2024

  1. [4.2.x] Bumped version for 4.2.15 release.

    @sarahboyce
    sarahboyce committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    4d32ebc View commit details
    Browse the repository at this point in the history
Loading