./www/py-django, Django, a high-level Python Web framework


Branch: CURRENT, Version: 1.11.15, Package name: py27-django-1.11.15, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python27]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: dfcb521471a5364bebe5fe1c40ad01cdd48e23bf
RMD160: 928d27725a612a42e29e785095811af3efbc9e71
Filesize: 7660.003 KB

CVS history:


   2018-08-02 16:02:21 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.5

1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware

If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if
the project has a URL pattern that accepts any path ending in a slash (many
content management systems have such a pattern), then a request to a maliciously
crafted URL of that site could lead to a redirect to another site, enabling
phishing and other attacks.

CommonMiddleware now escapes leading slashes to prevent redirects to other domains.
   2018-07-03 08:42:27 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django: updated to 1.11.4

Django 1.11.14:

Bugfixes:
Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+.
Fixed a regression in Django 1.10 that could result in large memory usage when
making edits using ModelAdmin.list_editable
   2018-05-02 08:28:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.13

1.11.13:
Bugfixes
* Fixed a regression in Django 1.11.8 where altering a field with a unique
  constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object,
  such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list()
  after combining an annotated and unannotated queryset with union(),
  difference(), or intersection() crashed due to mismatching columns
   2018-04-03 10:58:32 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.12

Django 1.11.12:
Bugfixes:
Fixed a regression in Django 1.11.8 where combining two annotated values_list()
querysets with union(), difference(), or intersection() crashed due to
mismatching columns.
Fixed a regression in Django 1.11 where an empty choice could be initially
selected for the SelectMultiple and CheckboxSelectMultiple widgets
   2018-03-06 21:04:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.11

1.11.11:
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template
filters
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
truncatewords_html template filters
   2018-02-02 08:55:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.10

1.11.10:

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made AuthenticationForm run its
confirm_login_allowed() method even if an incorrect password is entered. This
can leak information about a user, depending on what messages
confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden,
an attacker can enter an arbitrary username and see if that user has been set to
is_active=False. If confirm_login_allowed() is overridden, more sensitive
details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer raise
the “This account is inactive.” error if the authentication backend rejects
inactive users (the default authentication backend, ModelBackend, has done that
since Django 1.10). This issue will be revisited for Django 2.1 as a fix to
address the caveat will likely be too invasive for inclusion in older versions.

Bugfixes:
Fixed incorrect foreign key nullification if a model has two foreign keys to the
same model and a target model is deleted.
Fixed a regression where contrib.auth.authenticate() crashes if an
authentication backend doesn’t accept request and a later one does.
Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
   2018-01-03 08:23:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.9

Bugfixes:
Fixed a regression in Django 1.11 that added newlines between MultiWidget’s
subwidgets.
Fixed incorrect class-based model index name generation for models with quoted
db_table.
Fixed incorrect foreign key constraint name for models with quoted db_table.
Fixed a regression in caching of a GenericForeignKey when the referenced model
instance uses more than one level of multi-table inheritance.
   2017-12-25 10:18:24 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
REPLACE_PYTHON does not need WRKSRC