./www/py-django, Django, a high-level Python Web framework


Branch: CURRENT, Version: 1.11.26, Package name: py37-django-1.11.26, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 34df353272f025e961288377aac1f51b05781147
RMD160: 858e3d9088e6b2b3757f4461652629f5e34ebd09
Filesize: 7789.338 KB

CVS history:


   2019-11-05 08:40:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.26

Django 1.11.26:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or
has_any_keys lookup on JSONField, if the right or left hand side of an
expression is a key transform.
   2019-10-01 19:56:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.25

Django 1.11.25:
Fixed a crash when filtering with a Subquery() annotation of a queryset
containing JSONField or HStoreField
   2019-09-04 10:31:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.24

Django 1.11.24 fixes a regression in 1.11.23.

Bugfixes
Fixed crash of KeyTransform() for JSONField and HStoreField when using on
expressions with params
   2019-08-06 11:30:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.23

Django 1.11.23:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
   2019-07-01 20:23:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.22

Django 1.11.22:
Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
   2019-06-03 14:33:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.21

Django 1.11.21 release notes

CVE-2019-12308: AdminURLFieldWidget XSS

The clickable “Current URL” link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query parameter
payload, could result in a clickable JavaScript link.

AdminURLFieldWidget now validates the provided value using URLValidator before
displaying the clickable link. You may customise the validator by passing a
validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using
formfield_overrides.
   2019-02-12 14:11:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.20

1.11.20:
Bugfixes
Corrected packaging error from 1.11.19

1.11.19:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the
floatformat, filesizeformat, and intcomma template filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
   2019-01-04 23:07:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.18

Django 1.11.18 fixes a security issue in 1.11.17.
CVE-2019-3498: Content spoofing possibility in the default 404 page