Path to this page:
Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2019-08-06 11:33:00
Message id: 20190806093300.8B60EFBF4@cvs.NetBSD.org
Log Message:
py-django2: updated to 2.2.4
Django 2.2.4:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for \
JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), \
intersection(), or difference() by a field type present more than once results \
in the wrong ordering being used
* Fixed a migration crash on PostgreSQL when adding a check constraint with a \
contains lookup on DateRangeField or DateTimeRangeField, if the right hand side \
of an expression is the same type
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path \
contains nulls characters ('\x00')
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation \
directory cannot be resolved
Files: