django

mirror of https://github.com/django/django.git synced 2026-02-09 02:49:25 +08:00

Go to file

Natalia a33540b3e2 Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

The `TruncateHTMLParser` used `deque.remove()` to remove tags from the
stack when processing end tags. With crafted input containing many
unmatched end tags, this caused repeated full scans of the tag stack,
leading to quadratic time complexity.

The fix uses LIFO semantics, only removing a tag from the stack when it
matches the most recently opened tag. This avoids linear scans for
unmatched end tags and reduces complexity to linear time.

Refs #30686 and 6ee37ada32.

Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for
reviews.

2026-02-03 07:54:16 -05:00

.github

Fixed spell checking in docs GitHub Actions workflow.

2026-01-29 11:20:11 -03:00

.tx

Updated Transifex configuration for new CLI.

2023-04-02 09:54:33 +02:00

django

Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

2026-02-03 07:54:16 -05:00

docs

Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

2026-02-03 07:54:16 -05:00

extras

Migrated setuptools configuration to pyproject.toml.

2024-06-24 15:34:43 -03:00

js_tests

Fixed #13883 -- Rendered named choice groups with <optgroup> in FilteredSelectMultiple.

2026-01-22 21:12:23 -05:00

scripts

Fixed #36639 -- Added CI step to run makemigrations --check against test models.

2026-01-20 10:40:53 -05:00

tests

Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

2026-02-03 07:54:16 -05:00

.editorconfig

Fixed #36177 -- Added a trailing newline to JSON serializer. (#19232 )

2025-03-11 08:01:06 +01:00

.flake8

Fixed #36500 -- Set flake8 max-doc-length config to 79 columns.

2025-07-23 20:17:55 -03:00

.git-blame-ignore-revs

Ignored 6cff020787 formatting changes in git blame.

2026-01-19 10:00:34 +01:00

.gitattributes

Removed Git attribute merge=union for release notes.

2025-09-25 08:44:17 +02:00

.gitignore

Refs #34043 -- Added --screenshots option to runtests.py and selenium tests.

2023-10-18 06:14:40 +02:00

.pre-commit-config.yaml

Applied Black's 2026 stable style.

2026-01-18 21:26:56 +01:00

.readthedocs.yml

Upgraded to Python 3.12, Ubuntu 24.04, and enabled fail_on_warning for docs builds.

2024-11-27 15:20:49 -03:00

AUTHORS

Fixed #36879 -- Identified Django client in Redis client metadata.

2026-02-03 06:40:29 -05:00

CONTRIBUTING.rst

Added link to the code of conduct from contributing guides.

2015-04-17 18:12:41 -04:00

eslint-recommended.js

Refs #36619 -- Included third-party licenses with vendored eslint configuration files.

2025-11-26 11:39:01 -05:00

eslint.config.mjs

Fixed #36619 -- Vendored eslint configuration dependencies.

2025-09-30 08:45:39 +02:00

globals.js

Refs #36619 -- Included third-party licenses with vendored eslint configuration files.

2025-11-26 11:39:01 -05:00

Gruntfile.js

Refs #31265 -- Updated .eslintignore to match eslint tests

2020-12-23 11:14:48 +01:00

INSTALL

Fixed #36005 -- Dropped support for Python 3.10 and 3.11.

2025-01-20 14:07:28 +01:00

LICENSE

Whitespace cleanup.

2013-10-10 16:49:20 -04:00

LICENSE.python

Removed current year from Python license file.

2025-01-02 11:50:14 -03:00

MANIFEST.in

Skipped scripts/ folder from built release artifacts.

2025-11-21 15:36:25 -03:00

package.json

Bumped linter versions in requirements files and tox.ini.

2026-01-14 15:07:10 -05:00

pyproject.toml

Refs #35844 -- Doc'd Python 3.14 compatibility.

2025-10-17 19:25:02 +02:00

README.rst

Fixed #35908 -- Retired the django-developers and django-users mailing lists.

2025-02-19 12:14:27 +01:00

tox.ini

Bumped linter versions in requirements files and tox.ini.

2026-01-14 15:07:10 -05:00

zizmor.yml

Fixed #36620 -- Fixed workflow to summarize coverage in PRs.

2025-12-04 10:25:21 -05:00

README.rst

======
Django
======

Django is a high-level Python web framework that encourages rapid development
and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "``docs``" directory and online at
https://docs.djangoproject.com/en/stable/. If you're just getting started,
here's how we recommend you read the docs:

* First, read ``docs/intro/install.txt`` for instructions on installing Django.

* Next, work through the tutorials in order (``docs/intro/tutorial01.txt``,
  ``docs/intro/tutorial02.txt``, etc.).

* If you want to set up an actual deployment server, read
  ``docs/howto/deployment/index.txt`` for instructions.

* You'll probably want to read through the topical guides (in ``docs/topics``)
  next; from there you can jump to the HOWTOs (in ``docs/howto``) for specific
  problems, and check out the reference (``docs/ref``) for gory details.

* See ``docs/README`` for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think
they should be clarified in any way, please take 30 seconds to fill out a
ticket here: https://code.djangoproject.com/newticket

To get more help:

* Join the `Django Discord community <https://chat.djangoproject.com>`_.

* Join the community on the `Django Forum <https://forum.djangoproject.com/>`_.

To contribute to Django:

* Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for
  information about getting involved.

To run Django's test suite:

* Follow the instructions in the "Unit tests" section of
  ``docs/internals/contributing/writing-code/unit-tests.txt``, published online at
  https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests

Supporting the Development of Django
====================================

Django's development depends on your contributions.

If you depend on Django, remember to support the Django Software Foundation: https://www.djangoproject.com/fundraising/