/py-django, Django, a high-level Python Web framework
1.6.8, Package name:
py27-django-1.6.8, Maintainer: joerg
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
#!/bin/shRequired to run:
case $STAGE in
@PY_MANAGE_EGGS@ unregister @DJANGOEGG@
] Package options
Master sites: SHA1:
Version history: (Expand)
- (2014-11-23) Updated to version: py27-django-1.6.8
- (2014-08-23) Updated to version: py27-django-1.6.6
- (2014-05-20) Updated to version: py27-django-1.6.5
- (2014-05-04) Updated to version: py27-django-1.6.4
- (2014-04-23) Updated to version: py27-django-1.6.3
- (2014-02-09) Updated to version: py27-django-1.6.2
CVS history: (Expand)
| 2014-11-23 15:05:13 by Adam Ciarcinski | Files touched by this commit (2) |
This release fixes a couple regressions in the 1.6.6 security release.
Allowed related many-to-many fields to be referenced in the admin
Allowed inline and hidden references to admin fields
| 2014-08-23 13:13:01 by Adam Ciarcinski | Files touched by this commit (2) |
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
| 2014-05-20 13:06:26 by Adam Ciarcinski | Files touched by this commit (2) |
These releases address a caching issue which might lead to cache poisoning and \
an incorrect validation of safe redirect targets. Since these issues will affect \
the majority of users we strongly encourage everyone to upgrade.
| 2014-05-09 09:37:28 by Thomas Klausner | Files touched by this commit (553) |
Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
| 2014-05-03 20:19:30 by Adam Ciarcinski | Files touched by this commit (2) |
Shortly after last week's security releases were issued, we received reports of \
a potential regression in using reverse() with views created by \
functools.partial. We were able to confirm the bug, and test and commit a fix \
| 2014-04-22 20:05:22 by Adam Ciarcinski | Files touched by this commit (2) |
These releases address an unexpected code-execution issue, a caching issue which \
can expose CSRF tokens and a MySQL typecasting issue. While these issues present \
limited risk and may not affect all Django users, we encourage all users to \
evaluate their own risk and upgrade as soon as possible.
| 2014-02-09 09:09:04 by Adam Ciarcinski | Files touched by this commit (2) |
Prevented the base geometry object of a prepared geometry to be garbage \
collected, which could lead to crash Django.
Fixed a crash when executing the changepassword command when the user object \
representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the \
current working directory if STATIC_ROOT is not set. Combined with the --clear \
option, the previous behavior could wipe anything below the current working \
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, \
the connection wasn’t in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren’t actually marked as safe when passed \
through mark_safe() and could end up being double-escaped
| 2014-01-30 19:20:19 by Thomas Klausner | Files touched by this commit (1) |
Judging from the documentation, this prefers py-sqlite3 nowadays,
which has the advantage of being available for python-3.x.
(default-off option, so no PKGREVISION++)