./www/py-django, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.6.8, Package name: py27-django-1.6.8, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

DEINSTALL [+/-]

Required to run:
[www/py-flup] [databases/py-psycopg2] [lang/python27]


Package options: pgsql

Master sites:

SHA1: 4efd2a20922261736c976cdb462f1b8bd691d53d
RMD160: b0990d16cca5e8df3c2cc80b18dfb59336cb049b
Filesize: 6494.796 KB

Version history: (Expand)


CVS history: (Expand)


   2014-11-23 15:05:13 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.8:
This release fixes a couple regressions in the 1.6.6 security release.
Bugfixes
Allowed related many-to-many fields to be referenced in the admin
Allowed inline and hidden references to admin fields
   2014-08-23 13:13:01 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.6:
Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
   2014-05-20 13:06:26 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.5:
These releases address a caching issue which might lead to cache poisoning and \ 
an incorrect validation of safe redirect targets. Since these issues will affect \ 
the majority of users we strongly encourage everyone to upgrade.
   2014-05-09 09:37:28 by Thomas Klausner | Files touched by this commit (553)
Log message:
Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
   2014-05-03 20:19:30 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.4:
Shortly after last week's security releases were issued, we received reports of \ 
a potential regression in using reverse() with views created by \ 
functools.partial. We were able to confirm the bug, and test and commit a fix \ 
for it.
   2014-04-22 20:05:22 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.3:
These releases address an unexpected code-execution issue, a caching issue which \ 
can expose CSRF tokens and a MySQL typecasting issue. While these issues present \ 
limited risk and may not affect all Django users, we encourage all users to \ 
evaluate their own risk and upgrade as soon as possible.
   2014-02-09 09:09:04 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.6.2:
Prevented the base geometry object of a prepared geometry to be garbage \ 
collected, which could lead to crash Django.
Fixed a crash when executing the changepassword command when the user object \ 
representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the \ 
current working directory if STATIC_ROOT is not set. Combined with the --clear \ 
option, the previous behavior could wipe anything below the current working \ 
directory.
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, \ 
the connection wasn’t in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren’t actually marked as safe when passed \ 
through mark_safe() and could end up being double-escaped
   2014-01-30 19:20:19 by Thomas Klausner | Files touched by this commit (1)
Log message:
Judging from the documentation, this prefers py-sqlite3 nowadays,
which has the advantage of being available for python-3.x.
(default-off option, so no PKGREVISION++)