Django 4.1.2 release notes

October 4, 2022

Django 4.1.2 fixes a security issue with severity “medium” and several bugs in
4.1.1.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

Internationalized URLs were subject to potential denial of service attack via
the locale parameter.

Bugfixes

• Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
  when adding a model with ExclusionConstraint (#33982).
• Fixed a regression in Django 4.1 that caused aggregation over a queryset that
  contained an Exists annotation to crash due to too many selected columns
  (#33992).
• Fixed a bug in Django 4.1 that caused an incorrect validation of
  CheckConstraint on NULL values (#33996).
• Fixed a regression in Django 4.1 that caused a
  QuerySet.values()/values\_list() crash on ArrayAgg() and
  JSONBAgg() (#34016).
• Fixed a bug in Django 4.1 that caused ModelAdmin.autocomplete\_fields
  to be incorrectly selected after adding/changing related instances via popups
  (#34025).
• Fixed a regression in Django 4.1 where the app registry was not populated
  when running parallel tests with the multiprocessing start method
  spawn (#34010).
• Fixed a regression in Django 4.1 where the --debug-mode argument to
  test did not work when running parallel tests with the
  multiprocessing start method spawn (#34010).
• Fixed a regression in Django 4.1 that didn’t alter a sequence type when
  altering type of pre-Django 4.1 serial columns on PostgreSQL
  (#34058).
• Fixed a regression in Django 4.1 that caused a crash for View
  subclasses with asynchronous handlers when handling non-allowed HTTP methods
  (#34062).
• Reverted caching related managers for ForeignKey, ManyToManyField,
  and GenericRelation that caused the incorrect refreshing of related
  objects (#33984).
• Relaxed the system check added in Django 4.1 for the same name used for
  multiple template tag modules to a warning (#32987).