February 1, 2022
Django 4.0.2 fixes two security issues with severity "medium" and several bugs in 4.0.1. Also, the latest string translations from Transifex are incorporated, and the Bulgarian translation has been completed.
Possible XSS via the {% debug %} template tag
The {% debug %} template tag didn't properly encode the current context,
posing an XSS attack vector.
In order to avoid this vulnerability, {% debug %} no longer outputs
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.
Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Fixed a bug in Django 4.0 where TestCase.captureOnCommitCallbacks() could
execute callbacks multiple times (#33410).
Fixed a regression in Django 4.0 where help_text was HTML-escaped in
automatically-generated forms (#33419).
Fixed a regression in Django 4.0 that caused displaying an incorrect name for class-based views on the technical 404 debug page (#33425).
Fixed a regression in Django 4.0 that caused an incorrect repr of
ResolverMatch for class-based views (#33426).
Fixed a regression in Django 4.0 that caused a crash of makemigrations on
models without Meta.order_with_respect_to but with a field named
_order (#33449).
Fixed a regression in Django 4.0 that caused incorrect
ModelAdmin.radio_fields layout in the admin (#33407).
Fixed a duplicate operation regression in Django 4.0 that caused a migration crash when altering a primary key type for a concrete parent model referenced by a foreign key (#33462).
Fixed a bug in Django 4.0 that caused a crash of QuerySet.aggregate()
after annotate() on an aggregate function with a
default (#33468).
Fixed a regression in Django 4.0 that caused a crash of makemigrations
when renaming a field of a renamed model (#33480).
December 03, 2025