From f86eb5f89bc0bd05b407040082d0679feff09090 Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Tue, 7 Apr 2026 16:02:32 -0400 Subject: [PATCH 1/2] Removed PY38 and PY39 version constants. As the oldest supported version is Django 5.2, we only need constants for PY310+. --- django/utils/version.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/django/utils/version.py b/django/utils/version.py index 9f694070c5e8..be727df7b6e3 100644 --- a/django/utils/version.py +++ b/django/utils/version.py @@ -13,8 +13,6 @@ # or later". So that third-party apps can use these values, each constant # should remain as long as the oldest supported Django version supports that # Python version. -PY38 = sys.version_info >= (3, 8) -PY39 = sys.version_info >= (3, 9) PY310 = sys.version_info >= (3, 10) PY311 = sys.version_info >= (3, 11) PY312 = sys.version_info >= (3, 12) From 280256499c5b2d636949f3c8cb52159a8e4c26bb Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Wed, 8 Apr 2026 09:30:10 -0400 Subject: [PATCH 2/2] Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable. As originally written, this test interfered with admin_views.tests.SeleniumTests.test_inline_uuid_pk_add_with_popup. To fix this, register the new ModelAdmin with a different AdminSite. --- tests/admin_views/admin.py | 5 +++-- tests/admin_views/tests.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py index 26648a1e47cc..10fccca1a187 100644 --- a/tests/admin_views/admin.py +++ b/tests/admin_views/admin.py @@ -369,7 +369,7 @@ def get_queryset(self, request): return super().get_queryset(request).order_by("age") -class ParentWithUUIDPKAdmin(admin.ModelAdmin): +class ParentWithUUIDPKNoAddAdmin(admin.ModelAdmin): list_display = ("id", "title") list_editable = ("title",) @@ -1294,7 +1294,7 @@ class CourseAdmin(admin.ModelAdmin): site.register(InlineReferer, InlineRefererAdmin) site.register(ReferencedByGenRel) site.register(GenRelReference) -site.register(ParentWithUUIDPK, ParentWithUUIDPKAdmin) +site.register(ParentWithUUIDPK) site.register(RelatedPrepopulated, search_fields=["name"]) site.register(RelatedWithUUIDPKModel) site.register(ReadOnlyRelatedField, ReadOnlyRelatedFieldAdmin) @@ -1373,6 +1373,7 @@ class CourseAdmin(admin.ModelAdmin): site7 = admin.AdminSite(name="admin7") site7.register(Article, ArticleAdmin2) site7.register(Section) +site7.register(ParentWithUUIDPK, ParentWithUUIDPKNoAddAdmin) # Admin for testing optgroup in popup response diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 107267b3422f..532f1e1ea09e 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -4742,7 +4742,7 @@ def test_forged_post_submission_when_no_add_permission(self): "_save": "Save", } # This model admin allows no add permissions. - changelist_url = reverse("admin:admin_views_parentwithuuidpk_changelist") + changelist_url = reverse("admin7:admin_views_parentwithuuidpk_changelist") response = self.client.post(changelist_url, data) self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST) self.assertEqual(ParentWithUUIDPK.objects.count(), before_count)