Overview All releases

Version History

5.0.4 5.0.3 5.0.2 5.0.1 5.0 5.0-rc1 5.0-b1 5.0-a1

4.2.11 4.2.10 4.2.9 4.2.8 4.2.7 4.2.6 4.2.5 4.2.4 4.2.3 4.2.2

4.2.1

4.2

4.2-rc1

4.2-b1

4.2-a1

4.1.13 4.1.12 4.1.11 4.1.10 4.1.9 4.1.8 4.1.7 4.1.6 4.1.5 4.1.4 4.1.3 4.1.2 4.1.1 4.1

4.1-rc1

4.1-b1

4.1-a1

4.0.10 4.0.9 4.0.8 4.0.7 4.0.6 4.0.5 4.0.4 4.0.3 4.0.2 4.0.1

4.0

4.0-rc1

4.0-b1

4.0-a1

3.2.25 3.2.24 3.2.23 3.2.22 3.2.21 3.2.20 3.2.19 3.2.18 3.2.17 3.2.16 3.2.15 3.2.14 3.2.13 3.2.12 3.2.11

3.2.10

3.2.9

3.2.8

3.2.7

3.2.6

3.2.5

3.2.4

3.2.3

3.2.2

3.2.1

3.2

3.2-rc1

3.2-b1

3.2-a1

3.1.14

3.1.13

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1

3.1-rc1

3.1-b1

3.1-a1

3.0.14

3.0.13

3.0.12

3.0.11

3.0.10

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

3.0.2

3.0.1

3.0

3.0-rc1

3.0-b1

3.0-a1

2.2.28 2.2.27 2.2.26

2.2.25

2.2.24

2.2.23

2.2.22

2.2.21

2.2.20

2.2.19

2.2.18

2.2.17

2.2.16

2.2.15

2.2.14

2.2.13

2.2.12

2.2.11

2.2.10

2.2.9

2.2.8

2.2.7

2.2.6

2.2.5

2.2.4

2.2.3

2.2.2

2.2.1

2.2

2.2-rc1

2.2-b1

2.2-a1

2.1.15

2.1.14

2.1.13

2.1.12

2.1.11

2.1.10

2.1.9

2.1.8

2.1.7

2.1.6

2.1.5

2.1.4

2.1.3

2.1.2

2.1.1

2.1

2.1-rc1

2.1-b1

2.1-a1

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0

2.0-rc1

2.0-b1

2.0-a1

1.11.29

1.11.28

1.11.27

1.11.26

1.11.25

1.11.24

1.11.23

1.11.22

1.11.21

1.11.20

1.11.19

1.11.18

1.11.17

1.11.16

1.11.15

1.11.14

1.11.13

1.11.12

1.11.11

1.11.10

1.11.9

1.11.8

1.11.7

1.11.6

1.11.5

1.11.4

1.11.3

1.11.2

1.11.1

1.11

1.11-rc1

1.11-b1

1.11-a1

1.10.8

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10

1.10-rc1

1.10-b1

1.10-a1

1.9.13

1.9.12

1.9.11

1.9.10

1.9.9

1.9.8

1.9.7

1.9.6

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9

1.9-rc2

1.9-rc1

1.9-b1

1.9-a1

1.8.19

1.8.18

1.8.17

1.8.16

1.8.15

1.8.14

1.8.13

1.8.12

1.8.11

1.8.10

1.8.9

1.8.8

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.2

1.8.1

1.8

1.8-c1

1.8-b2

1.8-b1

1.8-a1

1.7.11

1.7.10

1.7.9

1.7.8

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7

1.7-c3

1.7-c2

1.7-c1

1.7-b4

1.7-b3

1.7-b2

1.7-b1

1.7-a2

1.7-a1

1.6.11

1.6.10

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6

1.6-c1

1.6-b4

1.6-b3

1.6-b2

1.6-b1

1.6-a1

1.5.12

1.5.11

1.5.10

1.5.9

1.5.8

1.5.7

1.5.6

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5

1.5-c2

1.5-c1

1.5-b2

1.5-b1

1.5-a1

1.4.22

1.4.21

1.4.20

1.4.19

1.4.18

1.4.17

1.4.16

1.4.15

1.4.14

1.4.13

1.4.12

1.4.11

1.4.10

1.4.9

1.4.8

1.4.7

1.4.6

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2

1.1.4

1.1.3

1.1.2

1.1.1

1.1

1.0.4

1.0.3

1.0.2

1.0.1

1.0

Django - 4.2.1

Security

Django 4.2.1 release notes

May 3, 2023

Django 4.2.1 fixes a security issue with severity “low” and several bugs in
4.2.

CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field

Uploading multiple files using one form field has never been supported by
forms.FileField or forms.ImageField as only the last
uploaded file was validated. Unfortunately, Uploading multiple files
topic suggested otherwise.

In order to avoid the vulnerability, ClearableFileInput
and FileInput form widgets now raise ValueError when
the multiple HTML attribute is set on them. To prevent the exception and
keep the old behavior, set allow\_multiple\_selected to True.

For more details on using the new attribute and handling of multiple files
through a single field, see Uploading multiple files.

Bugfixes

Fixed a regression in Django 4.2 that caused a crash of QuerySet.defer()
when deferring fields by attribute names (#34458).
Fixed a regression in Django 4.2 that caused a crash of
SearchVector function with %
characters (#34459).
Fixed a regression in Django 4.2 that caused aggregation over query that
uses explicit grouping to group against the wrong columns (#34464).
Reallowed, following a regression in Django 4.2, setting the
"cursor\_factory" option in OPTIONS on PostgreSQL
(#34466).
Enforced UTF-8 client encoding on PostgreSQL, following a regression in
Django 4.2 (#34470).
Fixed a regression in Django 4.2 where i18n\_patterns() didn’t respect the
prefix\_default\_language argument when a fallback language of the default
language was used (#34455).
Fixed a regression in Django 4.2 where translated URLs of the default
language from i18n\_patterns() with prefix\_default\_language set to
False raised 404 errors for a request with a different language
(#34515).
Fixed a regression in Django 4.2 where creating copies and deep copies of
HttpRequest, HttpResponse, and their subclasses didn’t always work
correctly (#34482, #34484).
Fixed a regression in Django 4.2 where timesince and timeuntil
template filters returned incorrect results for a datetime with a non-UTC
timezone when a time difference is less than 1 day (#34483).
Fixed a regression in Django 4.2 that caused a crash of
SearchHeadline function with
psycopg 3 (#34486).
Fixed a regression in Django 4.2 that caused incorrect ClearableFileInput
margins in the admin (#34506).
Fixed a regression in Django 4.2 where breadcrumbs didn’t appear on admin
site app index views (#34512).
Made squashing migrations reduce AddIndex, RemoveIndex,
RenameIndex, and CreateModel operations which allows removing a
deprecated Meta.index\_together option from historical migrations and use
Meta.indexes instead (#34525).

Security

CVE-2023-31047

Details

date

May 3, 2023, 11:48 a.m.

type

Patch

official page

https://docs.djangoproject.com/en/4.2/releases/4.2.1/

👇

🔍View and search all Django releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity