./www/py-django, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.9.10, Package name: py27-django-1.9.10, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [lang/python27]

Master sites:

SHA1: ec0acd8b5a8367c871ef715c9d2f4b66010b3c8d
RMD160: 4cdb76aba3bf4364b44b6f549bbb6497bb74870f
Filesize: 7318.955 KB

Version history: (Expand)

CVS history: (Expand)

   2016-10-21 04:19:46 by Wen Heping | Files touched by this commit (2) | Package updated
Log message:
Update to 1.9.10(security update)

Upstream changes:
Django 1.9.10 release notes

September 26, 2016

Django 1.9.10 fixes a security issue in 1.9.9.
CSRF protection bypass on a site with Google Analytics

An interaction between Google Analytics and Django's cookie parsing could allow \ 
an attacker to set arbitrary cookies leading to a bypass of CSRF protection.

The parser for request.COOKIES is simplified to better match the behavior of \ 
browsers and to mitigate this attack. request.COOKIES may now contain cookies \ 
that are invalid according to RFC 6265 but are possible to set via \ 
   2016-08-28 17:48:37 by Thomas Klausner | Files touched by this commit (112)
Log message:
Remove unnecessary PLIST_SUBST and FILES_SUBST that are now provided
by the infrastructure.

Mark a couple more packages as not ready for python-3.x.
   2016-08-04 10:23:11 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.9.9:
* Fixed invalid HTML in template postmortem on the debug page
* Fixed some GIS database function crashes on MySQL 5.7
   2016-07-19 09:32:42 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
Django 1.9.8 fixes a security issue and several bugs in 1.9.7.

Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the \ 
admin’s add/change related popup. Element.textContent is now used to prevent \ 
execution of the data.

The debug view also used innerHTML. Although a security issue wasn’t \ 
identified there, out of an abundance of caution it’s also updated to use \ 


* Fixed missing varchar/text_pattern_ops index on CharField and TextField \ 
respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.
   2016-06-06 11:34:59 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.9.7:
* Removed the need for the request context processor on the admin login page to \ 
fix a regression in 1.9.
* Fixed translation of password validators’ help_text in forms.
* Fixed a regression causing the cached template loader to crash when using lazy \ 
template names.
* Fixed on_commit callbacks execution order when callbacks make transactions.
* Fixed HStoreField to raise a ValidationError instead of crashing on \ 
non-dictionary JSON input.
* Fixed dbshell crash on PostgreSQL with an empty database name.
* Fixed a regression in queries on a OneToOneField that has to_field and \ 
   2016-05-07 09:51:52 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 1.9.6:
Added support for relative path redirects to the test client and to \ 
SimpleTestCase.assertRedirects() because Django 1.9 no longer converts redirects \ 
to absolute URIs.
Fixed TimeField microseconds round-tripping on MySQL and SQLite.
Prevented makemigrations from generating infinite migrations for a model field \ 
that references a functools.partial.
Fixed a regression where SessionBase.pop() returned None rather than raising a \ 
KeyError for nonexistent values.
Fixed a regression causing the cached template loader to crash when using \ 
template names starting with a dash.
Restored conversion of an empty string to null when saving values of \ 
GenericIPAddressField on SQLite and MySQL.
Fixed a makemessages regression where temporary .py extensions were leaked in \ 
source file paths
   2016-04-08 18:20:18 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Changes 1.9.5:
Made MultiPartParser ignore filenames that normalize to an empty string to fix \ 
crash in MemoryFileUploadHandler on specially crafted user input.
Fixed a race condition in BaseCache.get_or_set(). It now returns the default \ 
value instead of False if there’s an error when trying to add the value to the \ 
Fixed data loss on SQLite where DurationField values with fractional seconds \ 
could be saved as None.
The forms in contrib.auth no longer strip trailing and leading whitespace from \ 
the password fields. The change requires users who set their password to \ 
something with such whitespace after a site updated to Django 1.9 to reset their \ 
password. It provides backwards-compatibility for earlier versions of Django.
Fixed a memory leak in the cached template loader.
Fixed a regression that caused collectstatic --clear to fail if the storage \ 
doesn’t implement path().
Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has \ 
a to_field set to something other than the primary key.
Fixed a regression in CommonMiddleware that caused spurious warnings in logs on \ 
requests missing a trailing slash.
Restored the functionality of the admin’s raw_id_fields in list_editable.
Fixed a regression with abstract model inheritance and explicit parent links.
Fixed a migrations crash on SQLite when renaming the primary key of a model \ 
containing a ForeignKey to 'self'.
Fixed JSONField inadvertently escaping its contents when displaying values after \ 
failed form validation.
   2016-03-06 15:17:06 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Django 1.9.4 fixes a regression on Python 2 in the 1.9.3 security release where \ 
utils.http.is_safe_url() crashes on bytestring URLs.