/py-django, Django, a high-level Python Web framework
1.9.10, Package name:
py27-django-1.9.10, Maintainer: joerg
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
#!/bin/shRequired to run:
case $STAGE in
@PY_MANAGE_EGGS@ unregister @DJANGOEGG@
Master sites: SHA1:
Version history: (Expand)
- (2016-10-21) Updated to version: py27-django-1.9.10
- (2016-08-04) Updated to version: py27-django-1.9.9
- (2016-07-19) Updated to version: py27-django-1.9.8
- (2016-06-06) Updated to version: py27-django-1.9.7
- (2016-05-07) Updated to version: py27-django-1.9.6
- (2016-04-09) Updated to version: py27-django-1.9.5
CVS history: (Expand)
| 2016-10-21 04:19:46 by Wen Heping | Files touched by this commit (2) | |
Update to 1.9.10(security update)
Django 1.9.10 release notes
September 26, 2016
Django 1.9.10 fixes a security issue in 1.9.9.
CSRF protection bypass on a site with Google Analytics
An interaction between Google Analytics and Django's cookie parsing could allow \
an attacker to set arbitrary cookies leading to a bypass of CSRF protection.
The parser for request.COOKIES is simplified to better match the behavior of \
browsers and to mitigate this attack. request.COOKIES may now contain cookies \
that are invalid according to RFC 6265 but are possible to set via \
| 2016-08-28 17:48:37 by Thomas Klausner | Files touched by this commit (112) |
Remove unnecessary PLIST_SUBST and FILES_SUBST that are now provided
by the infrastructure.
Mark a couple more packages as not ready for python-3.x.
| 2016-08-04 10:23:11 by Adam Ciarcinski | Files touched by this commit (2) |
* Fixed invalid HTML in template postmortem on the debug page
* Fixed some GIS database function crashes on MySQL 5.7
| 2016-07-19 09:32:42 by Adam Ciarcinski | Files touched by this commit (3) | |
Django 1.9.8 fixes a security issue and several bugs in 1.9.7.
admin’s add/change related popup. Element.textContent is now used to prevent \
execution of the data.
The debug view also used innerHTML. Although a security issue wasn’t \
identified there, out of an abundance of caution it’s also updated to use \
* Fixed missing varchar/text_pattern_ops index on CharField and TextField \
respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.
| 2016-06-06 11:34:59 by Adam Ciarcinski | Files touched by this commit (2) |
* Removed the need for the request context processor on the admin login page to \
fix a regression in 1.9.
* Fixed translation of password validators’ help_text in forms.
* Fixed a regression causing the cached template loader to crash when using lazy \
* Fixed on_commit callbacks execution order when callbacks make transactions.
* Fixed HStoreField to raise a ValidationError instead of crashing on \
non-dictionary JSON input.
* Fixed dbshell crash on PostgreSQL with an empty database name.
* Fixed a regression in queries on a OneToOneField that has to_field and \
| 2016-05-07 09:51:52 by Adam Ciarcinski | Files touched by this commit (3) |
Added support for relative path redirects to the test client and to \
SimpleTestCase.assertRedirects() because Django 1.9 no longer converts redirects \
to absolute URIs.
Fixed TimeField microseconds round-tripping on MySQL and SQLite.
Prevented makemigrations from generating infinite migrations for a model field \
that references a functools.partial.
Fixed a regression where SessionBase.pop() returned None rather than raising a \
KeyError for nonexistent values.
Fixed a regression causing the cached template loader to crash when using \
template names starting with a dash.
Restored conversion of an empty string to null when saving values of \
GenericIPAddressField on SQLite and MySQL.
Fixed a makemessages regression where temporary .py extensions were leaked in \
source file paths
| 2016-04-08 18:20:18 by Adam Ciarcinski | Files touched by this commit (2) | |
Made MultiPartParser ignore filenames that normalize to an empty string to fix \
crash in MemoryFileUploadHandler on specially crafted user input.
Fixed a race condition in BaseCache.get_or_set(). It now returns the default \
value instead of False if there’s an error when trying to add the value to the \
Fixed data loss on SQLite where DurationField values with fractional seconds \
could be saved as None.
The forms in contrib.auth no longer strip trailing and leading whitespace from \
the password fields. The change requires users who set their password to \
something with such whitespace after a site updated to Django 1.9 to reset their \
password. It provides backwards-compatibility for earlier versions of Django.
Fixed a memory leak in the cached template loader.
Fixed a regression that caused collectstatic --clear to fail if the storage \
doesn’t implement path().
Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has \
a to_field set to something other than the primary key.
Fixed a regression in CommonMiddleware that caused spurious warnings in logs on \
requests missing a trailing slash.
Restored the functionality of the admin’s raw_id_fields in list_editable.
Fixed a regression with abstract model inheritance and explicit parent links.
Fixed a migrations crash on SQLite when renaming the primary key of a model \
containing a ForeignKey to 'self'.
Fixed JSONField inadvertently escaping its contents when displaying values after \
failed form validation.
| 2016-03-06 15:17:06 by Adam Ciarcinski | Files touched by this commit (3) |
Django 1.9.4 fixes a regression on Python 2 in the 1.9.3 security release where \
utils.http.is_safe_url() crashes on bytestring URLs.