Notes de publication de Django 5.0.2¶

CVE-2024-24680 : attaque potentielle par déni de service dans le filtre de gabarit intcomma¶

Le filtre de gabarit intcomma était sujet à de potentielles attaques par déni de service quand on l’utilisait avec de longues chaînes.

Correction de bogues¶

• Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in ModelAdmin.list_filter (#35087).

• Fixed a regression in Django 5.0 where links in the admin had an incorrect color (#35121).

• Fixed a bug in Django 5.0 that caused a crash of Model.full_clean() on models with a GeneratedField (#35127).

• Fixed a regression in Django 5.0 that caused a crash of FilteredRelation() with querysets as right-hand sides (#35135). FilteredRelation() now raises a ValueError on querysets as right-hand sides.

• Fixed a regression in Django 5.0 that caused a crash of the dumpdata management command when a base queryset used prefetch_related() (#35159).

• Fixed a regression in Django 5.0 that caused the request_finished signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (#35059).

• Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a BinaryField, TextField, JSONField, or GeometryField with a db_default (#35162).

• Fixed a bug in Django 5.0 that caused a migration crash on models with a literal db_default of a complex type such as dict instance of a JSONField. Running makemigrations might generate no-op AlterField operations for fields using db_default (#35149).