Django security releases issued: 5.0.3, 4.2.11, and 3.2.25

[Mariusz Felisiak]

Details are available on the Django project weblog:

https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

--
You received this message because you are subscribed to the Google Groups "Django 
developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/3c24bf94-c80b-4cd0-821b-97b738cfb93b%40gmail.com.

Re: Fellow Reports - February 2024

[Mariusz Felisiak]

Week ending March 3

*Triaged:*
https://code.djangoproject.com/ticket/35245 - Django freezes on DRF's 
APIView. (invalid)
https://code.djangoproject.com/ticket/35253 - Pagination for 
StackedInline and TabularInline (duplicate)
https://code.djangoproject.com/ticket/35251 - dumpdata refactoring 
(needsinfo)
https://code.djangoproject.com/ticket/35254 - New setting for 
ModelAdmin.list_per_page (wontfix)
https://code.djangoproject.com/ticket/35250 - Stop URL system checks 
from compiling regular expressions (accepted)
https://code.djangoproject.com/ticket/35258 - Rename the 'runserver' 
management command to 'devserver' to be more explicit that it is intended 
for development only (wontfix)
https://code.djangoproject.com/ticket/9990 - Management shell 
autocomplete breaks PYTHONSTARTUP autocomplete (fixed)
https://code.djangoproject.com/ticket/35259 - forms.JSONField validator 
doesn't match documentation behavior (duplicate)
https://code.djangoproject.com/ticket/35260 - request.GET is improperly 
type annotated (invalid)
https://code.djangoproject.com/ticket/35262 - Addindex operation 
generates wrong sql code for Postgresql GinIndex (worksforme)
https://code.djangoproject.com/ticket/35263 - Add keys() and hashes() 
functions to Redis cache backend. (wontfix)
https://code.djangoproject.com/ticket/35264 - CommandError-Conflicting 
migration detected (invalid)
https://code.djangoproject.com/ticket/35265 - Add test for AdminSite 
with custom headers. (accepted)

*Reviewed/committed:*
https://github.com/django/django/pull/17893 - Fixed #35241 -- Cached 
model's full parent list.
https://github.com/django/django/pull/17901 - Fixed #35246 -- Made 
Field.unique a cached property.
https://github.com/django/django/pull/17907 - Refs #34200 -- Removed 
unnecessary check in DatabaseWrapper.ensure_role() on PostgreSQL.
https://github.com/django/django/pull/17909 - Refs #32114 -- Fixed test 
crash on non-picklable objects in subtests when PickleError is raised.
https://github.com/django/django/pull/17903 - Fixed #29022 -- Fixed 
handling protocol-relative URLs in ManifestStaticFilesStorage when 
STATIC_URL is set to /.
https://github.com/django/djangoproject.com/pull/1486 - Fixed 
doc_test_fixtures.json.
https://github.com/django/django/pull/17483 - Refs #34964 -- Doc'd that 
Q expression order is preserved.
https://github.com/django/django/pull/17880 - Fixed #35198 -- Fixed 
facet filters crash on querysets with no primary key.
https://github.com/django/django/pull/17920 - Refs #35234 -- Moved 
constraint system checks to Check/UniqueConstraint methods.
https://github.com/django/django/pull/17921 - Fixed #35234 -- Added 
system checks for invalid model field names in 
ExclusionConstraint.expressions.
https://github.com/django/django/pull/17876 - Refs #35234 -- Deprecated 
CheckConstraint.check in favor of .condition.
https://github.com/django/django/pull/17925 - Made runserver close 
database connections from migration checks.
https://github.com/django/django/pull/17914 - Refs #33497 -- Added 
connection pool support for PostgreSQL.
https://github.com/django/django/pull/17904 - Fixed #35250 -- Made URL 
system checks use uncompiled regexes.

*Authored:*
https://github.com/django/django/pull/17915 - Removed #django-geo IRC 
channel in docs.
https://github.com/django/django/pull/17918 - Refs #35090 -- Fixed 
urlpatterns.tests.SimplifiedURLTests when run in reverse.

Best,
Mariusz

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/7ad806ce-b38b-405d-86bf-80780cfcf960n%40googlegroups.com.

Use of TIME_INPUT_FORMATS in TimeField

[Arthur Pemberton]

The documentation (
https://docs.djangoproject.com/en/5.0/ref/forms/fields/#timefield) says
that " the default input formats are taken from the active locale format
TIME_INPUT_FORMATS key, or from TIME_INPUT_FORMATS

if localization is disabled". However, neither my reading of the code, or
my actual experience shows settings.TIME_INPUT_FORMATS ever being used,
even with "USE_I18N = False"

TimeField gets the formats from `input_formats =
formats.get_format_lazy("TIME_INPUT_FORMATS")` which is a lazy version of
`formats.get_format` -- the documentation of which says "If use_l10n is
provided and is not None, it forces the value to be localized (or not),
otherwise it's always localized."

so even with "USE_I18N = False" settings.TIME_INPUT_FORMATS seems to be
ignored.

How does one use settings.TIME_INPUT_FORMATS ?

Arthur Pemberton

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CA%2BX4dQRAjfSJnAK9iZ%3DhJMkN%2BTfoShX6%2BNRsjM0oMF6jGDSuZg%40mail.gmail.com.