Django 4.1.2 release notes

October 4, 2022

Django 4.1.2 fixes a security issue with severity "medium" and several bugs in 4.1.1.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

Internationalized URLs were subject to potential denial of service attack via the locale parameter.

Bugfixes

  • Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL when adding a model with ExclusionConstraint (#33982).

  • Fixed a regression in Django 4.1 that caused aggregation over a queryset that contained an Exists annotation to crash due to too many selected columns (#33992).

  • Fixed a bug in Django 4.1 that caused an incorrect validation of CheckConstraint on NULL values (#33996).

  • Fixed a regression in Django 4.1 that caused a QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg() (#34016).

  • Fixed a bug in Django 4.1 that caused ModelAdmin.autocomplete_fields to be incorrectly selected after adding/changing related instances via popups (#34025).

  • Fixed a regression in Django 4.1 where the app registry was not populated when running parallel tests with the multiprocessing start method spawn (#34010).

  • Fixed a regression in Django 4.1 where the --debug-mode argument to test did not work when running parallel tests with the multiprocessing start method spawn (#34010).

  • Fixed a regression in Django 4.1 that didn't alter a sequence type when altering type of pre-Django 4.1 serial columns on PostgreSQL (#34058).

  • Fixed a regression in Django 4.1 that caused a crash for View subclasses with asynchronous handlers when handling non-allowed HTTP methods (#34062).

  • Reverted caching related managers for ForeignKey, ManyToManyField, and GenericRelation that caused the incorrect refreshing of related objects (#33984).

  • Relaxed the system check added in Django 4.1 for the same name used for multiple template tag modules to a warning (#32987).