./www/py-django, Django, a high-level Python Web framework


Branch: CURRENT, Version: 1.11.21, Package name: py37-django-1.11.21, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 2b2f2c26835c641ccc313bd5330418237e587741
RMD160: 6dde2ec05193955a09d3717bc5bc033816a87354
Filesize: 7663.219 KB

CVS history:


   2019-06-03 14:33:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.21

Django 1.11.21 release notes

CVE-2019-12308: AdminURLFieldWidget XSS

The clickable “Current URL” link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query parameter
payload, could result in a clickable JavaScript link.

AdminURLFieldWidget now validates the provided value using URLValidator before
displaying the clickable link. You may customise the validator by passing a
validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using
formfield_overrides.
   2019-02-12 14:11:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.20

1.11.20:
Bugfixes
Corrected packaging error from 1.11.19

1.11.19:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the
floatformat, filesizeformat, and intcomma template filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
   2019-01-04 23:07:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.18

Django 1.11.18 fixes a security issue in 1.11.17.
CVE-2019-3498: Content spoofing possibility in the default 404 page
   2018-12-03 19:59:35 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
py-django: updated to 1.11.17

Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7.

Bugfixes:
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an
attempt to fix a random crash involving LooseVersion since Django 1.11.14.
   2018-10-02 10:06:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.16

Django 1.11.16:
Fixed a race condition in QuerySet.update_or_create() that could result in data loss
   2018-08-02 16:02:21 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.5

1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware

If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if
the project has a URL pattern that accepts any path ending in a slash (many
content management systems have such a pattern), then a request to a maliciously
crafted URL of that site could lead to a redirect to another site, enabling
phishing and other attacks.

CommonMiddleware now escapes leading slashes to prevent redirects to other domains.
   2018-07-03 08:42:27 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django: updated to 1.11.4

Django 1.11.14:

Bugfixes:
Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+.
Fixed a regression in Django 1.10 that could result in large memory usage when
making edits using ModelAdmin.list_editable
   2018-05-02 08:28:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.13

1.11.13:
Bugfixes
* Fixed a regression in Django 1.11.8 where altering a field with a unique
constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object,
such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list()
after combining an annotated and unannotated queryset with union(),
difference(), or intersection() crashed due to mismatching columns