Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2019-06-03 14:39:46
Message id: 20190603123946.E380CFBF4@cvs.NetBSD.org

Log Message:
py-django2: updated to 2.2.2

2.2.2:
CVE-2019-12308: AdminURLFieldWidget XSS

The clickable "Current URL" link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query parameter
payload, could result in a clickable JavaScript link.

AdminURLFieldWidget now validates the provided value using URLValidator
before displaying the clickable link. You may customise the validator by
passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when
using ModelAdmin.formfield_overrides.

2.2.1:
Bugfixes

* Fixed a regression in Django 2.1 that caused the incorrect quoting of
  database user password when using dbshell on Oracle
* Added compatibility for psycopg2 2.8
* Fixed a regression in Django 2.2 that caused a crash when loading the
  template for the technical 500 debug page
* Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains
  an expression with params
* Fixed a regression in Django 2.2 that caused a single instance fast-delete
  to not set the primary key to None
* Prevented makemigrations from generating infinite migrations for check
  constraints and partial indexes when condition contains a range object
* Reverted an optimization in Django 2.2
* Fixed a regression in Django 2.2 where Paginator crashes if object_list is
  a queryset ordered or aggregated over a nested JSONField key transform
* Fixed a regression in Django 2.2 where IntegerField validation of database
  limits crashes if limit_value attribute in a custom validator is callable
* Fixed a regression in Django 2.2 where SearchVector generates SQL that is
  not indexable
* Fixed a regression in Django 2.2 that caused an exception to be raised when
  a custom error handler could not be imported
* Relaxed the system check added in Django 2.2 for the admin app’s
  dependencies to reallow use of SessionMiddleware subclasses, rather than
  requiring django.contrib.sessions to be in INSTALLED_APPS
* Increased the default timeout when using Watchman to 5 seconds to prevent
  falling back to StatReloader on larger projects and made it customizable
  via the DJANGO_WATCHMAN_TIMEOUT environment variable
* Fixed a regression in Django 2.2 that caused a crash when migrating
  permissions for proxy models if the target permissions already existed. For
  example, when a permission had been created manually or a model had been
  migrated from concrete to proxy
* Fixed a regression in Django 2.2 that caused a crash of runserver when
  URLConf modules raised exceptions
* Fixed a regression in Django 2.2 where changes were not reliably detected
  by auto-reloader when using StatReloader
* Fixed a migration crash on Oracle and PostgreSQL when adding a check
  constraint with a contains, startswith, or endswith lookup (or their
  case-insensitive variant)
* Fixed a migration crash on Oracle and SQLite when adding a check constraint
  with condition contains | (OR) operator

2.2:
This version has been designated as a long-term support (LTS) release, which
means that security and data loss fixes will be applied for at least the next
three years. It will also receive fixes for crashing bugs, major functionality
bugs in newly-introduced features, and regressions from older versions of
Django for the next eight months until December 2019.

As always, the release notes cover the salmagundi of new features in detail,
but a few highlights are:
* HttpRequest.headers to allow simple access to a request’s headers.
* Database-level constraints on models.
* Watchman compatibility for runserver to improve the performance of watching
  a large number of files for changes.

Files:
Revision  Action  File
1.17      modify  pkgsrc/www/py-django2/Makefile
1.6       modify  pkgsrc/www/py-django2/PLIST
1.15      modify  pkgsrc/www/py-django2/distinfo
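
The CVE-2019-12308 entry above, as an added example that is not part of the commit or of Django's code: a simplified model of the widget's link rendering before and after the fix, showing why HTML-escaping alone does not stop a `javascript:` value from becoming a clickable link. The function names, the rendered markup and the sample values are constructed for illustration; `is_safe_url` is a stand-in for URLValidator that only checks the scheme and the presence of a host.

```python
from html import escape
from urllib.parse import urlsplit

# Default scheme list of Django's URLValidator.
ALLOWED_SCHEMES = {"http", "https", "ftp", "ftps"}


def is_safe_url(value):
    """Simplified stand-in for URLValidator: scheme allowlist plus a host."""
    if value != value.strip():
        return False  # reject leading/trailing whitespace outright
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_before(value):
    """Pre-fix model: the value is HTML-escaped but always made clickable."""
    v = escape(value, quote=True)
    return f'Currently: <a href="{v}">{v}</a>'


def render_after(value):
    """Post-fix model: the link is emitted only for a validated URL."""
    v = escape(value, quote=True)
    if is_safe_url(value):
        return f'Currently: <a href="{v}">{v}</a>'
    return f"Currently: {v}"


# Constructed sample values, as they might sit in a URLField column.
SAMPLES = [
    "https://example.org/docs?a=1&b=2",
    "javascript:void(0)",
    "JavaScript:void(0)",
    "data:text/html,hello",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}\n  before: {render_before(s)}\n  after:  {render_after(s)}")
```

Escaping leaves `javascript:void(0)` unchanged because it contains no HTML metacharacters, so only the scheme check keeps it out of the `href`.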