Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 5.2.11
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5.2.12
Choose a head ref
  • 15 commits
  • 39 files changed
  • 4 contributors

Commits on Feb 3, 2026

  1. [5.2.x] Post-release version bump.

    @jacobtylerwalls
    jacobtylerwalls committed Feb 3, 2026
    Configuration menu
    Copy the full SHA
    7d796de View commit details
    Browse the repository at this point in the history

  2. [5.2.x] Added CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026… 

    …-1285, CVE-2026-1287, and CVE-2026-1312 to security archive.

Backport of af361d3 from main.
    @jacobtylerwalls
    jacobtylerwalls committed Feb 3, 2026
    Configuration menu
    Copy the full SHA
    dc32c07 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2026

  1. [5.2.x] Refs #35961 -- Restored AUTHORS in wheel. 

    As a side effect from adding explicit license files to conform to PEP 639, the
AUTHORS file got dropped from the wheel. The tarball still contained this file.

In the "Python Packaging User Guide"
(https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license-files)
the AUTHORS file is modeled to be included in license-files.

Follow-up to 96a7a65.
Backport of 220db1c from main.
    @mbeijen @jacobtylerwalls
    mbeijen authored and jacobtylerwalls committed Feb 10, 2026
    Configuration menu
    Copy the full SHA
    420c707 View commit details
    Browse the repository at this point in the history

  2. [5.2.x] Added stub release notes for 5.2.12. 

    Backport of 2c2d363 from main.
    @jacobtylerwalls
    jacobtylerwalls committed Feb 10, 2026
    Configuration menu
    Copy the full SHA
    e9b8537 View commit details
    Browse the repository at this point in the history

  3. [5.2.x] Fixed #36903 -- Fixed further NameErrors when inspecting func… 

    …tions with deferred annotations.

Provide a wrapper for safe introspection of user functions on Python 3.14+.

Follow-up to 6019147.
Backport of 56ed37e from main.
    @93578237 @jacobtylerwalls
    93578237 authored and jacobtylerwalls committed Feb 10, 2026
    Configuration menu
    Copy the full SHA
    a4999ef View commit details
    Browse the repository at this point in the history

Commits on Feb 24, 2026

  1. [5.2.x] Added stub release notes and release date for 5.2.12 and 4.2.29. 

    Backport of acd0bec from main.
    @nessita
    nessita committed Feb 24, 2026
    Configuration menu
    Copy the full SHA
    2bc009b View commit details
    Browse the repository at this point in the history

  2. [5.2.x] Bumped minimum isort version to 7.0.0. 

    Added ignores relating to PyCQA/isort#2352.

Backport of d980d68 from main.
    @jacobtylerwalls @nessita
    jacobtylerwalls authored and nessita committed Feb 24, 2026
    Configuration menu
    Copy the full SHA
    490e495 View commit details
    Browse the repository at this point in the history

  3. [5.2.x] Pinned black == 25.12.0 in GitHub actions, pre-commit and tes… 

    …t requirements.
    @nessita
    nessita committed Feb 24, 2026
    Configuration menu
    Copy the full SHA
    a73eed2 View commit details
    Browse the repository at this point in the history

Commits on Feb 25, 2026

  1. [5.2.x] Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars … 

    …limit references from HTML truncation docs.

Backport of bbc6818 from main.
    @nessita
    nessita committed Feb 25, 2026
    Configuration menu
    Copy the full SHA
    703777c View commit details
    Browse the repository at this point in the history

Commits on Mar 2, 2026

  1. [5.2.x] Aligned docs checks between GitHub Actions and local developm… 

    …ent.

Backport of 3f21cb0 from main.
    @nessita
    nessita committed Mar 2, 2026
    Configuration menu
    Copy the full SHA
    1db60ed View commit details
    Browse the repository at this point in the history

  2. [5.2.x] Pinned black == 25.12.0 for black docs checks and ensured the… 

    …y pass.
    @nessita
    nessita committed Mar 2, 2026
    Configuration menu
    Copy the full SHA
    951fe8b View commit details
    Browse the repository at this point in the history

  3. [5.2.x] Refs #36944 -- Added missing versionchanged annotation for MA… 

    …X_LENGTH_HTML change.
    @jacobtylerwalls @nessita
    jacobtylerwalls authored and nessita committed Mar 2, 2026
    Configuration menu
    Copy the full SHA
    94e7f17 View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2026

  1. [5.2.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection. 

    This simplicaftion mitigates a potential DoS in URLField on Windows. The
usage of `urlsplit()` in `URLField.to_python()` was replaced with
`str.partition(":")` for URL scheme detection. On Windows, `urlsplit()`
performs Unicode normalization which is slow for certain characters,
making `URLField` vulnerable to DoS via specially crafted POST payloads.

Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger
for the review.

Refs #36923.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>

Backport of 951ffb3 from main.
    @nessita
    nessita committed Mar 3, 2026
    Configuration menu
    Copy the full SHA
    4d3c184 View commit details
    Browse the repository at this point in the history

  2. [5.2.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permi… 

    …ssions on file system object creation.

This fix introduces `safe_makedirs()` in the `os` utils as a safer
alternative to `os.makedirs()` that avoids umask-related race conditions
in multi-threaded environments.

This is a workaround for python/cpython#86533
and the solution is based on the fix being proposed for CPython.

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>

Refs CVE-2020-24583 and #31921.

Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and
Shai Berger for reviews.

Backport of 019e44f from main.
    @nessita
    nessita committed Mar 3, 2026
    Configuration menu
    Copy the full SHA
    b07ed2a View commit details
    Browse the repository at this point in the history

  3. [5.2.x] Bumped version for 5.2.12 release.

    @nessita
    nessita committed Mar 3, 2026
    Configuration menu
    Copy the full SHA
    4f382ca View commit details
    Browse the repository at this point in the history
Loading