Django 4.1.2 release notes¶
October 4, 2022
Django 4.1.2 fixes a security issue with severity “medium” and several bugs in 4.1.1.
CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs¶
Internationalized URLs were subject to potential denial of service attack via the locale parameter.
Bugfixes¶
- Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
when adding a model with
ExclusionConstraint
(#33982). - Fixed a regression in Django 4.1 that caused aggregation over a queryset that
contained an
Exists
annotation to crash due to too many selected columns (#33992). - Fixed a bug in Django 4.1 that caused an incorrect validation of
CheckConstraint
onNULL
values (#33996). - Fixed a regression in Django 4.1 that caused a
QuerySet.values()/values_list()
crash onArrayAgg()
andJSONBAgg()
(#34016). - Fixed a bug in Django 4.1 that caused
ModelAdmin.autocomplete_fields
to be incorrectly selected after adding/changing related instances via popups (#34025). - Fixed a regression in Django 4.1 where the app registry was not populated
when running parallel tests with the
multiprocessing
start methodspawn
(#34010). - Fixed a regression in Django 4.1 where the
--debug-mode
argument totest
did not work when running parallel tests with themultiprocessing
start methodspawn
(#34010). - Fixed a regression in Django 4.1 that didn’t alter a sequence type when altering type of pre-Django 4.1 serial columns on PostgreSQL (#34058).
- Fixed a regression in Django 4.1 that caused a crash for
View
subclasses with asynchronous handlers when handling non-allowed HTTP methods (#34062). - Reverted caching related managers for
ForeignKey
,ManyToManyField
, andGenericRelation
that caused the incorrect refreshing of related objects (#33984). - Relaxed the system check added in Django 4.1 for the same name used for multiple template tag modules to a warning (#32987).