./www/py-django, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.6.6, Package name: py27-django-1.6.6, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

DEINSTALL [+/-]

Required to run:
[www/py-flup] [databases/py-psycopg2] [lang/python27]


Package options: pgsql

Master sites:

SHA1: 8d62f12e64aa75fbb785588105d6bdc93e9bc566
RMD160: e8d1d30b15668d30ebe5cc62deaa20935f6a7f91
Filesize: 6489.703 KB

Version history: (Expand)


CVS history: (Expand)


   2014-08-23 13:13:01 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.6:
Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
   2014-05-20 13:06:26 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.5:
These releases address a caching issue which might lead to cache poisoning and \ 
an incorrect validation of safe redirect targets. Since these issues will affect \ 
the majority of users we strongly encourage everyone to upgrade.
   2014-05-09 09:37:28 by Thomas Klausner | Files touched by this commit (553)
Log message:
Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
   2014-05-03 20:19:30 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.4:
Shortly after last week's security releases were issued, we received reports of \ 
a potential regression in using reverse() with views created by \ 
functools.partial. We were able to confirm the bug, and test and commit a fix \ 
for it.
   2014-04-22 20:05:22 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.3:
These releases address an unexpected code-execution issue, a caching issue which \ 
can expose CSRF tokens and a MySQL typecasting issue. While these issues present \ 
limited risk and may not affect all Django users, we encourage all users to \ 
evaluate their own risk and upgrade as soon as possible.
   2014-02-09 09:09:04 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.2:
Prevented the base geometry object of a prepared geometry to be garbage \ 
collected, which could lead to crash Django.
Fixed a crash when executing the changepassword command when the user object \ 
representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the \ 
current working directory if STATIC_ROOT is not set. Combined with the --clear \ 
option, the previous behavior could wipe anything below the current working \ 
directory.
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, \ 
the connection wasn’t in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren’t actually marked as safe when passed \ 
through mark_safe() and could end up being double-escaped
   2014-01-30 19:20:19 by Thomas Klausner | Files touched by this commit (1)
Log message:
Judging from the documentation, this prefers py-sqlite3 nowadays,
which has the advantage of being available for python-3.x.
(default-off option, so no PKGREVISION++)
   2014-01-25 11:30:32 by Thomas Klausner | Files touched by this commit (533) | Package updated
Log message:
Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.