| 44e7cca | Carlton Gibson | 04 January 2022, 09:29:49 UTC | 2.2.x] Bumped version for 2.2.26 release. | 04 January 2022, 09:30:01 UTC |
| 4cb35b3 | Florian Apolloner | 17 December 2021, 20:07:50 UTC | [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. Thanks to Dennis Brinkrolf for the report. | 04 January 2022, 09:20:31 UTC |
| c9f648c | Florian Apolloner | 27 December 2021, 13:53:18 UTC | [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | 04 January 2022, 09:20:31 UTC |
| 2135637 | Florian Apolloner | 27 December 2021, 13:48:03 UTC | [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | 04 January 2022, 09:20:31 UTC |
| 03b733d | Carlton Gibson | 27 December 2021, 13:42:14 UTC | [2.2.x] Added stub release notes for 2.2.26 release. | 28 December 2021, 09:10:15 UTC |
| b878206 | Mariusz Felisiak | 15 December 2021, 17:54:02 UTC | [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6. Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main | 15 December 2021, 17:56:38 UTC |
| 573e70e | Mariusz Felisiak | 07 December 2021, 07:51:26 UTC | [2.2.x] Added CVE-2021-44420 to security archive. Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main | 07 December 2021, 07:56:25 UTC |
| 8439938 | Mariusz Felisiak | 07 December 2021, 06:05:38 UTC | [2.2.x] Post-release version bump. | 07 December 2021, 06:05:38 UTC |
| 79d8dce | Mariusz Felisiak | 07 December 2021, 06:03:33 UTC | [2.2.x] Bumped version for 2.2.25 release. | 07 December 2021, 06:03:33 UTC |
| 7cf7d74 | Florian Apolloner | 29 November 2021, 10:52:03 UTC | [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports. Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main. | 07 December 2021, 06:02:14 UTC |
| 0007a5f | Mariusz Felisiak | 30 November 2021, 10:58:43 UTC | [2.2.x] Added requirements.txt to files ignored by Sphinx builds. Backport of 0cf2d48ba83543b16bdf390d941eb98e8d34f3bd from stable/3.2.x. | 30 November 2021, 11:12:07 UTC |
| fac0fdd | Mariusz Felisiak | 29 November 2021, 12:21:54 UTC | [2.2.x] Added stub release notes for 2.2.25. Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main. | 30 November 2021, 10:31:56 UTC |
| 4bc10b7 | Mariusz Felisiak | 17 November 2021, 11:31:25 UTC | [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. See https://github.com/sphinx-doc/sphinx/commit/dd2ff3e911c751c06c81f494128fba56d8ecbafd. Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main | 18 November 2021, 12:33:29 UTC |
| 5289fcf | Adam Johnson | 18 November 2021, 09:47:12 UTC | [2.2.x] Configured Read The Docs to build all formats. `all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable? Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main | 18 November 2021, 11:25:47 UTC |
| 9a4a2b2 | Carlton Gibson | 03 November 2021, 17:35:27 UTC | [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. This pins Sphinx version, because the default Sphinx version used by RTD is not compatible with Python 3.8+. This also, sets Python 3.8 for RTD builds which is compatible with all current versions of Django. Thanks to Mariusz Felisiak for the suggestion. Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main. | 03 November 2021, 18:05:19 UTC |
| 029c830 | Carlton Gibson | 03 November 2021, 10:42:00 UTC | [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. Co-authored-by: Andrew Neitsch <andrew@neitsch.ca> Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main | 03 November 2021, 18:04:59 UTC |
| 12141e3 | Mariusz Felisiak | 03 November 2021, 07:42:27 UTC | [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. Follow up to 837ffcfa681d0f65f444d881ee3d69aec23770be. | 03 November 2021, 07:42:27 UTC |
| cf63dd5 | Mariusz Felisiak | 12 October 2021, 13:16:00 UTC | [2.2.x] Added 'formatter' to spelling wordlist. Backport of e43a131887e2a316d4fb829c3a272ef0cbbeea80 from main | 12 October 2021, 13:18:17 UTC |
| 05bc1c8 | Mariusz Felisiak | 02 September 2021, 08:56:56 UTC | [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. Thanks Michał Górny for the report. Backport of 50ed545e2fa02c51e0d1559b83624f256e4b499b from main. | 02 September 2021, 09:06:10 UTC |
| a9c0aa1 | Mariusz Felisiak | 21 July 2021, 09:06:58 UTC | [2.2.x] Refs #31676 -- Updated technical board description in organization docs. According to DEP 0010. Backport of f2ed2211c26ba375390cb76725c95ae970a0fd1d from main. | 30 July 2021, 09:53:15 UTC |
| 66008c2 | Mariusz Felisiak | 20 July 2021, 09:13:09 UTC | [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. According to DEP 0010. Backport of 228ec8e015bac9751c8aef3107358fbb2cb3301b from main | 30 July 2021, 09:52:46 UTC |
| d4d1c2b | Mariusz Felisiak | 20 July 2021, 08:48:17 UTC | [2.2.x] Refs #31676 -- Removed Core team from organization docs. According to DEP 0010. Backport of caa2dd08c4722c8702588f5dfe1fa4c506aa66fc from main | 30 July 2021, 09:52:43 UTC |
| 8f59f72 | Mariusz Felisiak | 13 July 2021, 18:21:22 UTC | [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. Backport of 37e8367c359cd115f109d82f99ff32be219f4928 from main. | 13 July 2021, 18:26:17 UTC |
| 837ffcf | Mariusz Felisiak | 21 June 2021, 11:06:31 UTC | [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. | 21 June 2021, 11:06:31 UTC |
| dc43667 | Mariusz Felisiak | 02 June 2021, 10:16:06 UTC | [2.2.x] Fixed docs header underlines in security archive. Backport of d9cee3f5f2f90938d2c2c0230be40c7d50aef53d from main | 02 June 2021, 10:29:11 UTC |
| 3e7bb56 | Carlton Gibson | 02 June 2021, 09:15:54 UTC | [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main | 02 June 2021, 09:19:59 UTC |
| 48bde7c | Carlton Gibson | 02 June 2021, 08:36:52 UTC | [2.2.x] Post-release version bump. | 02 June 2021, 08:36:52 UTC |
| 2da029d | Carlton Gibson | 02 June 2021, 08:28:20 UTC | [2.2.x] Bumped version for 2.2.24 release. | 02 June 2021, 08:28:20 UTC |
| f27c38a | Mariusz Felisiak | 25 May 2021, 09:57:59 UTC | [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 | 02 June 2021, 08:26:22 UTC |
| 053cc95 | Florian Apolloner | 25 May 2021, 09:55:06 UTC | [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. | 02 June 2021, 08:26:22 UTC |
| 6229d87 | Carlton Gibson | 02 June 2021, 08:19:19 UTC | [2.2.x] Confirmed release date for Django 2.2.24. Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main. | 02 June 2021, 08:23:20 UTC |
| f163ad5 | Carlton Gibson | 25 May 2021, 08:38:20 UTC | [2.2.x] Added stub release notes and date for Django 2.2.24. Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main | 26 May 2021, 08:21:53 UTC |
| bed1755 | Mariusz Felisiak | 20 May 2021, 10:23:36 UTC | [2.2.x] Changed IRC references to Libera.Chat. Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main. | 20 May 2021, 10:42:48 UTC |
| 63f0d7a | Mariusz Felisiak | 14 May 2021, 04:57:31 UTC | [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fields.test_filefield tests on Python 3.5. | 14 May 2021, 04:59:11 UTC |
| 5fe4970 | Mariusz Felisiak | 13 May 2021, 07:22:34 UTC | [2.2.x] Post-release version bump. | 13 May 2021, 07:22:34 UTC |
| 61f814f | Mariusz Felisiak | 13 May 2021, 07:19:56 UTC | [2.2.x] Bumped version for 2.2.23 release. | 13 May 2021, 07:19:56 UTC |
| b8ecb06 | Mariusz Felisiak | 13 May 2021, 06:53:44 UTC | [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField. - Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main. | 13 May 2021, 07:00:25 UTC |
| 3ba089a | Mariusz Felisiak | 12 May 2021, 08:42:01 UTC | [2.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. Backport of d1f1417caed648db2f81a1ec28c47bf958c01958 from main. | 12 May 2021, 08:44:25 UTC |
| 88d9b28 | Mariusz Felisiak | 06 May 2021, 07:58:24 UTC | [2.2.x] Added CVE-2021-32052 to security archive. Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main | 06 May 2021, 08:05:46 UTC |
| 7ada1f9 | Mariusz Felisiak | 06 May 2021, 07:10:34 UTC | [2.2.x] Post-release version bump. | 06 May 2021, 07:10:34 UTC |
| df9fd46 | Mariusz Felisiak | 06 May 2021, 07:08:28 UTC | [2.2.x] Bumped version for 2.2.22 release. | 06 May 2021, 07:08:28 UTC |
| d9594c4 | Mariusz Felisiak | 04 May 2021, 18:50:12 UTC | [2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main. | 06 May 2021, 06:53:27 UTC |
| 1637003 | Carlton Gibson | 04 May 2021, 12:44:19 UTC | [2.2.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows. The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case. Backport of a708f39ce67af174df90c5b5e50ad1976cec7cb8 from main | 06 May 2021, 05:44:15 UTC |
| bcafd9b | Carlton Gibson | 04 May 2021, 09:14:17 UTC | [2.2.x] Added CVE-2021-31542 to security archive. Backport of 607ebbfba915de2d84eb943aa93654f31817a709 and 62b2e8b37e37a313c63be40e3223ca4e830ebde3 from main | 04 May 2021, 09:14:17 UTC |
| 3931dc7 | Carlton Gibson | 04 May 2021, 08:24:07 UTC | [2.2.x] Post-release version bump. | 04 May 2021, 08:24:07 UTC |
| ff1385a | Carlton Gibson | 04 May 2021, 08:18:53 UTC | [2.2.x] Bumped version for 2.2.21 release. | 04 May 2021, 08:18:53 UTC |
| 04ac162 | Florian Apolloner | 14 April 2021, 16:23:44 UTC | [2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | 27 April 2021, 17:10:08 UTC |
| 7f1b088 | Mariusz Felisiak | 06 April 2021, 07:42:31 UTC | [2.2.x] Added CVE-2021-28658 to security archive. Backport of 1eac8468cbde790fecb51dd055a439f4947d01e9 from main | 06 April 2021, 07:48:05 UTC |
| e95fbb6 | Mariusz Felisiak | 06 April 2021, 06:45:22 UTC | [2.2.x] Post-release version bump. | 06 April 2021, 06:45:22 UTC |
| ad9fa56 | Mariusz Felisiak | 06 April 2021, 06:39:37 UTC | [2.2.x] Bumped version for 2.2.20 release. | 06 April 2021, 06:39:37 UTC |
| 4036d62 | Mariusz Felisiak | 16 March 2021, 09:19:00 UTC | [2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main. | 06 April 2021, 06:38:19 UTC |
| 6e58828 | Carlton Gibson | 19 February 2021, 10:07:56 UTC | [2.2.x] Added CVE-2021-23336 to security archive. Backport of ab58f072502e86dfe21b2bd5cccdc5e94dce8d26 from master | 19 February 2021, 10:07:56 UTC |
| 1fb4628 | Carlton Gibson | 19 February 2021, 08:45:49 UTC | [2.2.x] Post-release version bump. | 19 February 2021, 08:45:49 UTC |
| 21a5547 | Carlton Gibson | 19 February 2021, 08:44:55 UTC | [2.2.x] Bumped version for 2.2.19 release. | 19 February 2021, 08:44:55 UTC |
| fd6b6af | Nick Pope | 16 February 2021, 10:14:17 UTC | [2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). | 18 February 2021, 09:27:25 UTC |
| 226d831 | Nick Pope | 16 February 2021, 10:08:39 UTC | [2.2.x] Added documentation extlink for bugs.python.org. Backport of d02d60eb0f032c9395199fb73c6cd29ee9bb2646 from master | 17 February 2021, 13:28:05 UTC |
| 34010d8 | Mariusz Felisiak | 01 February 2021, 09:21:30 UTC | [2.2.x] Added CVE-2021-3281 to security archive. Backport of f749148d62ece28d208ab66b109f858215ba090a from master | 01 February 2021, 09:47:08 UTC |
| 06ae7e0 | Mariusz Felisiak | 01 February 2021, 08:49:28 UTC | [2.2.x] Post-release version bump. | 01 February 2021, 08:49:28 UTC |
| fc0c8cf | Mariusz Felisiak | 01 February 2021, 08:43:16 UTC | [2.2.x] Bumped version for 2.2.18 release. | 01 February 2021, 08:43:16 UTC |
| 21e7622 | Mariusz Felisiak | 22 January 2021, 11:23:18 UTC | [2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews. Thanks Wang Baohua for the report. Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master. | 01 February 2021, 08:14:54 UTC |
| ee9d623 | Mariusz Felisiak | 29 January 2021, 10:00:12 UTC | [2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database. Backport of 135c800fe6138d7818501a384c0ebbdc5442762c from master | 29 January 2021, 10:03:59 UTC |
| e8e28e7 | Tim Graham | 02 January 2021, 11:49:00 UTC | [2.2.x] Updated CVE URL. Backport of 656b331b13e08e82bbf0b88d39080c5b1a02109c from master | 02 January 2021, 11:51:06 UTC |
| e893c0a | Max Smolens | 06 October 2020, 21:58:52 UTC | [2.2.x] Fixed #31850 -- Fixed BasicExtractorTests.test_extraction_warning with xgettext 0.21+. "format string with unnamed arguments cannot be properly localized" warning is not raised in xgettext 0.21+. This patch uses a message that causes an xgettext warning regardless of the version. Backport of 07a30f561661efae1691ff45d10ec6014b395b58 from master | 02 November 2020, 09:30:40 UTC |
| 3da29a3 | Carlton Gibson | 02 November 2020, 07:55:06 UTC | [2.2.x] Post-release version bump. | 02 November 2020, 07:55:25 UTC |
| c769f65 | Carlton Gibson | 02 November 2020, 07:49:01 UTC | [2.2.x] Bumped version for 2.2.17 release. | 02 November 2020, 07:49:01 UTC |
| 3db9a7a | Carlton Gibson | 02 November 2020, 07:35:24 UTC | [2.2.x] Set release date for 2.2.17. Backport of 7fc07b9b2ba0c5c62a8840325d21b414a099fda0 from master | 02 November 2020, 07:39:12 UTC |
| b4b8ca4 | Mariusz Felisiak | 13 October 2020, 06:35:01 UTC | [2.2.x] Refs #31040 -- Doc'd Python 3.9 compatibility. Backport of e18156b6c35908f2a4026287b5225a6a4da8af1a from master. | 13 October 2020, 06:45:37 UTC |
| 01742aa | Jon Dufresne | 29 April 2019, 06:47:34 UTC | [2.2.x] Refs #31040 -- Fixed Python PendingDeprecationWarning in select_for_update.tests. Backport of 0dd2308cf6f559a4f4b50edd7c005c7cf025d1aa from master | 12 October 2020, 10:21:33 UTC |
| 87b9a8b | Mariusz Felisiak | 03 January 2020, 06:47:04 UTC | [2.2.x] Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py. An empty string is invalid salt in Python 3 and raises exception since Python 3.9, see https://bugs.python.org/issue38402. Backport of 1960d55f8baa412b43546d15a8342554808fff57 from master | 07 October 2020, 07:16:58 UTC |
| 657fea5 | Mariusz Felisiak | 06 October 2020, 09:25:04 UTC | [2.2.x] Skipped GetImageDimensionsTests.test_webp when WEBP is not installed. Bumped minimum Pillow version to 4.2.0 in test requirements. Backport of fce389af7cf95151118c9fc7cafd777a31f94946 from master | 06 October 2020, 09:32:34 UTC |
| 0f6e73e | Carlton Gibson | 01 September 2020, 09:32:57 UTC | [2.2.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive. Backport of d5b526bf78a9e5d9760e0c0f7647622bf47782fe from master | 01 September 2020, 09:39:59 UTC |
| 65078cf | Carlton Gibson | 03 June 2020, 10:03:27 UTC | [2.2.x] Added CVE-2020-13254 and CVE-2020-13596 to security archive. Backport of 54975780ee2e4017844ecad94835fdce43d97377 from master | 01 September 2020, 09:39:57 UTC |
| 0696540 | Carlton Gibson | 01 September 2020, 08:43:21 UTC | [2.2.x] Post-release version bump. | 01 September 2020, 08:43:21 UTC |
| bf07047 | Carlton Gibson | 01 September 2020, 08:30:56 UTC | [2.2.x] Bumped version for 2.2.16 release. | 01 September 2020, 08:30:56 UTC |
| dfcecb6 | Carlton Gibson | 01 September 2020, 07:56:42 UTC | [2.2.x] Added release date for 2.2.16. Backport of 976e2b7420c0f7e3060a13792b97511a9aad31d7 from master | 01 September 2020, 08:00:28 UTC |
| a3aebfd | Mariusz Felisiak | 21 August 2020, 10:43:45 UTC | [2.2.x] Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+. Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master. | 25 August 2020, 09:09:40 UTC |
| 375657a | Mariusz Felisiak | 21 August 2020, 09:44:46 UTC | [2.2.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+. Thanks WhiteSage for the report. Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master. | 25 August 2020, 08:59:42 UTC |
| dc39e62 | Mariusz Felisiak | 13 August 2020, 14:29:55 UTC | [2.2.x] Refs #31863 -- Added release notes for 94ea79be137f3cb30949bf82198e96e094f2650d. Backport of 21768a99f47ee73a2f93405151550ef7c3d9c8a2 from master | 13 August 2020, 14:32:58 UTC |
| 0a7d321 | Gert Burger | 07 August 2020, 08:02:29 UTC | [2.2.x] Fixed #31863 -- Prevented mutating model state by copies of model instances. Regression in bfb746f983aa741afa3709794e70f1e0ab6040b5. Backport of 94ea79be137f3cb30949bf82198e96e094f2650d from master | 13 August 2020, 13:28:21 UTC |
| 839f906 | Daniel Hillier | 08 August 2020, 05:17:36 UTC | [2.2.x] Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()). Backport of 60626162f76f26d32a38d18151700cb041201fb3 from master | 11 August 2020, 10:33:18 UTC |
| 3070624 | Mariusz Felisiak | 11 August 2020, 07:44:31 UTC | [2.2.x] Added stub release notes for 2.2.16. Backport of 8a5683b6b2aede38edcff070686ed1fce470dec5 from master | 11 August 2020, 09:14:35 UTC |
| 337dd02 | Mariusz Felisiak | 03 August 2020, 07:12:12 UTC | [2.2.x] Post-release version bump. | 03 August 2020, 07:12:12 UTC |
| bf6c584 | Mariusz Felisiak | 03 August 2020, 07:10:01 UTC | [2.2.x] Bumped version for 2.2.15 release. | 03 August 2020, 07:10:01 UTC |
| b70595c | Mariusz Felisiak | 03 August 2020, 06:52:28 UTC | [2.2.x] Added release date for 2.2.15. Backport of b68b8cb89abb35ff2152175ea540619ec384b1f4 from master | 03 August 2020, 06:58:00 UTC |
| d74e1c0 | Mariusz Felisiak | 23 July 2020, 08:07:35 UTC | [2.2.x] Pinned geoip2 < 4.0.0 in test requirements. geoip2 4+ doesn't support Python 3.5. | 23 July 2020, 08:07:35 UTC |
| eb81593 | Mariusz Felisiak | 22 July 2020, 10:49:56 UTC | [2.2.x] Fixed #31805 -- Fixed SchemaTests.tearDown() when table names are case-insensitive. Backport of fd53db842c35c994dbd54196dd38a908f3676b1a from master | 22 July 2020, 10:52:45 UTC |
| 1a3835f | Florian Apolloner | 15 July 2020, 05:30:15 UTC | [2.2.x] Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+. Fixed sending emails crash on email addresses with display names longer then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+. Wrapped display names were passed to email.headerregistry.Address() what caused raising an exception because address parts cannot contain CR or LF. See https://bugs.python.org/issue39073 Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 from master. | 20 July 2020, 06:11:30 UTC |
| f1a6e6c | Mariusz Felisiak | 16 July 2020, 07:30:15 UTC | [2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x | 16 July 2020, 07:35:35 UTC |
| 6f09ee2 | David Smith | 02 July 2020, 17:06:28 UTC | [2.2.x] Fixed #30945 -- Doc'd plural equations changes in 2.2. release notes. Backport of 392036be29b759204cbc4033072672acacabf3f7 from master | 03 July 2020, 07:39:49 UTC |
| 5968a23 | Mariusz Felisiak | 02 July 2020, 08:59:15 UTC | [2.2.x] Fixed ForeignKeyRawIdWidgetTest.test_render_unsafe_limit_choices_to on Python 3.5. | 02 July 2020, 08:59:15 UTC |
| 202ac0b | Mariusz Felisiak | 01 July 2020, 04:42:42 UTC | [2.2.x] Post-release version bump. | 01 July 2020, 04:42:42 UTC |
| 74934f7 | Mariusz Felisiak | 01 July 2020, 04:37:55 UTC | [2.2.x] Bumped version for 2.2.14 release. | 01 July 2020, 04:37:55 UTC |
| ee9bd41 | Mariusz Felisiak | 01 July 2020, 04:16:32 UTC | [2.2.x] Added release date for 2.2.14. Backport of 0f3aecf581b50215820455eb2f6a19a1b3b3ef8b from master. | 01 July 2020, 04:19:44 UTC |
| fc2a368 | Mariusz Felisiak | 30 June 2020, 07:47:50 UTC | [2.2.x] Refs #31751 -- Doc'd that cx_Oracle < 8 is required. | 30 June 2020, 07:47:50 UTC |
| 9ecce34 | Mariusz Felisiak | 10 June 2020, 04:53:32 UTC | [2.2.x] Refs #31682 -- Doc'd minimal sqlparse version in Django 2.2. Support for sqlparse < 0.2.2 was broken in 40b0a58f5ff949fba1072627e4ad11ef98aa7f36 because is_whitespace property was added in sqlparse 0.2.2. Backport of 4339f2aff272bceabd67e452c65bcfe0700b3f09 from master. | 10 June 2020, 04:55:55 UTC |
| cdad78e | Stephen Rauch | 06 November 2019, 03:11:09 UTC | [2.2.x] Refs #30183 -- Doc'd dropping support for sqlparse < 0.2.2. Support for sqlparse < 0.2.2 was broken in 782d85b6dfa191e67c0f1d572641d8236c79174c because is_whitespace property was added in sqlparse 0.2.2. Backport of 4b6db766ba4b613d317c87f87d1d63865b7424a4 from master. | 10 June 2020, 04:18:44 UTC |
| b2b2723 | Mariusz Felisiak | 05 June 2020, 05:21:52 UTC | [2.2.x] Fixed #31654 -- Fixed cache key validation messages. Backport of 926148ef019abcac3a9988c78734d9336d69f24e from master. | 05 June 2020, 05:24:04 UTC |
| b877190 | Mariusz Felisiak | 04 June 2020, 05:37:40 UTC | [2.2.x] Fixed ForeignKeyRawIdWidgetTest.test_render_unsafe_limit_choices_to on Python 3.5. | 04 June 2020, 05:37:40 UTC |
| ea9bc39 | Mariusz Felisiak | 03 June 2020, 10:37:37 UTC | [2.2.x] Refs CVE-2020-13254 -- Fixed cache.tests when KEY_PREFIX is defined. Follow up to 2c82414914ae6476be5a166be9ff49c24d0d9069. Backport of 229c9c6653356a0bc23846d83b2d4b5d0438a145 from master | 03 June 2020, 11:01:31 UTC |
| 2661c22 | Carlton Gibson | 03 June 2020, 08:50:32 UTC | [2.2.x] Post-release version bump. | 03 June 2020, 08:50:32 UTC |
