Skip to content
/ django Public
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.2.22
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.2.24
Choose a head ref
  • 16 commits
  • 17 files changed
  • 3 contributors

Commits on Jun 4, 2025

  1. [4.2.x] Post-release version bump.

    @nessita
    nessita committed Jun 4, 2025
    Configuration menu
    Copy the full SHA
    8d87045 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Added CVE-2025-48432 to security archive. 

    Backport of 51923c5 from main.
    @nessita
    nessita committed Jun 4, 2025
    Configuration menu
    Copy the full SHA
    b07f886 View commit details
    Browse the repository at this point in the history

Commits on Jun 6, 2025

  1. [4.2.x] Refactored logging_tests to reuse assertions for log records. 

    Backport of 9d72e7d from main.
    @nessita
    nessita committed Jun 6, 2025
    Configuration menu
    Copy the full SHA
    ba24ee3 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Refs CVE-2025-48432 -- Made SuspiciousOperation logging use l… 

    …og_response() for consistency.

Backport of ff835f4 from main.
    @nessita
    nessita committed Jun 6, 2025
    Configuration menu
    Copy the full SHA
    10ba3f7 View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining r… 

    …esponse logging.

Migrated remaining response-related logging to use the `log_response()`
helper to avoid potential log injection, to ensure untrusted values like
request paths are safely escaped.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 9579517 from main.
    @RealOrangeOne @nessita
    RealOrangeOne authored and nessita committed Jun 6, 2025
    Configuration menu
    Copy the full SHA
    b597d46 View commit details
    Browse the repository at this point in the history

Commits on Jun 10, 2025

  1. [4.2.x] Bumped version for 4.2.23 release.

    @sarahboyce
    sarahboyce committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    a698dc2 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Post-release version bump.

    @sarahboyce
    sarahboyce committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    bc4d96c View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Added follow-up to CVE-2025-48432 to security archive. 

    Backport of 2714bc3 from main.
    @sarahboyce
    sarahboyce committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    8293b0f View commit details
    Browse the repository at this point in the history

Commits on Jul 16, 2025

  1. [4.2.x] Added GitHub Action to enforce stable branch commit message p… 

    …refix.

Backport of 10386fa from main.
    @nessita
    nessita committed Jul 16, 2025
    Configuration menu
    Copy the full SHA
    0c9ab35 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed GitHub Action that checks commit prefixes to fetch PR h… 

    …ead correctly.

Backport of 8499fba from main.
    @nessita
    nessita committed Jul 16, 2025
    Configuration menu
    Copy the full SHA
    591b23a View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2025

  1. [4.2.x] Refs #36535 -- Doc'd that docutils < 0.22 is required. 

    Backport of 9d9b3bc from stable/5.1.x.
    @nessita
    nessita committed Aug 5, 2025
    Configuration menu
    Copy the full SHA
    7335a1a View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2025

  1. [4.2.x] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors fol… 

    …lowing Python's HTMLParser fixed parsing.

Further details about Python changes can be found in:
python/cpython@0243f97.

Refs #36499. Thank you Clifford Gama for the thorough review!

Backport of e4515da from main.
    @nessita
    nessita committed Aug 13, 2025
    Configuration menu
    Copy the full SHA
    2a79837 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.… 

    …test_strip_tags following Python's HTMLParser new behavior.

Python fixed a quadratic complexity processing for HTMLParser in:
python/cpython@6eb6c5db.

Backport of 2980627 from main.
    @nessita
    nessita committed Aug 13, 2025
    Configuration menu
    Copy the full SHA
    c3f9871 View commit details
    Browse the repository at this point in the history

Commits on Aug 27, 2025

  1. [4.2.x] Added stub release notes and release date for 4.2.24. 

    Backport of 4c71e33 from main.
    @sarahboyce
    sarahboyce committed Aug 27, 2025
    Configuration menu
    Copy the full SHA
    d5860d5 View commit details
    Browse the repository at this point in the history

Commits on Sep 3, 2025

  1. [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQ… 

    …L injection in column aliases.

Thanks Eyal Gabay (EyalSec) for the report.

Backport of 5171171 from main.
    @RealOrangeOne @sarahboyce
    RealOrangeOne authored and sarahboyce committed Sep 3, 2025
    Configuration menu
    Copy the full SHA
    31334e6 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Bumped version for 4.2.24 release.

    @sarahboyce
    sarahboyce committed Sep 3, 2025
    Configuration menu
    Copy the full SHA
    5e23d89 View commit details
    Browse the repository at this point in the history
Loading