./www/py-django2, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.8, Package name: py37-django-2.2.8, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 0a631fe2237fea6a60cdd5d02b618632b6e49a1b
RMD160: ae25304c6a33c48abaddc4670b8e46de9fe675b3
Filesize: 8662.756 KB

Version history: (Expand)


CVS history: (Expand)


   2019-12-02 12:46:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.8

2.2.8:
* CVE-2019-19118: Privilege escalation in the Django admin.
* Fixed a data loss possibility in the admin changelist view when a custom \ 
formset’s prefix contains regular expression special characters, e.g. ‘$’.
* Fixed a regression in Django 2.2.1 that caused a crash when migrating \ 
permissions for proxy models with a multiple database setup if the default entry \ 
was empty.
* Fixed a data loss possibility in the select_for_update(). When using 'self' in \ 
the of argument with multi-table inheritance, a parent model was locked instead \ 
of the queryset’s model
   2019-11-05 08:44:24 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.7

Django 2.2.7:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or \ 
has_any_keys lookup on JSONField, if the right or left hand side of an \ 
expression is a key transform.
Prevented migrate --plan from showing that RunPython operations are irreversible \ 
when reverse_code callables don’t have docstrings or when showing a forward \ 
migration plan.
Fixed migrations crash on PostgreSQL when adding an Index with fields ordering \ 
and opclasses.
Restored the ability to override get_FOO_display().
   2019-10-01 19:58:37 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.6

Django 2.2.6:
Fixed migrations crash on SQLite when altering a model containing partial indexes.
Fixed a regression in Django 2.2.4 that caused a crash when filtering with a \ 
Subquery() annotation of a queryset containing JSONField or HStoreField.
   2019-09-04 10:31:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.5

Django 2.2.5 fixes several bugs in 2.2.4.

Bugfixes

Relaxed the system check added in Django 2.2 for models to reallow use of the \ 
same db_table by multiple models when database routers are installed.
Fixed crash of KeyTransform() for JSONField and HStoreField when using on \ 
expressions with params.
Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign \ 
objects don’t respect a model’s Meta.ordering.
Fixed a race condition in loading URLconf module that could cause a crash of \ 
auto-reloader on Python 3.5 and below
   2019-08-06 11:33:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.4

Django 2.2.4:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for \ 
JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), \ 
intersection(), or difference() by a field type present more than once results \ 
in the wrong ordering being used
* Fixed a migration crash on PostgreSQL when adding a check constraint with a \ 
contains lookup on DateRangeField or DateTimeRangeField, if the right hand side \ 
of an expression is the same type
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path \ 
contains nulls characters ('\x00')
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation \ 
directory cannot be resolved
   2019-07-01 20:26:22 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django2: updated to 2.2.3

Django 2.2.3
Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Fixed a regression in Django 2.2 where Avg, StdDev, and Variance crash with \ 
filter argument
Fixed a regression in Django 2.2.2 where auto-reloader crashes with \ 
AttributeError, e.g. when using ipdb
   2019-06-03 14:39:46 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django2: updated to 2.2.2

2.2.2:
CVE-2019-12308: AdminURLFieldWidget XSS

The clickable "Current URL" link generated by AdminURLFieldWidget \ 
displayed the provided value without validating it as a safe URL. Thus, an \ 
unvalidated value stored in the database, or a value provided as a URL query \ 
parameter payload, could result in an clickable JavaScript link.

AdminURLFieldWidget now validates the provided value using URLValidator before \ 
displaying the clickable link. You may customise the validator by passing a \ 
validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using \ 
ModelAdmin.formfield_overrides.

2.2.1:
Bugfixes

Fixed a regression in Django 2.1 that caused the incorrect quoting of database \ 
user password when using dbshell on Oracle
Added compatibility for psycopg2 2.8
Fixed a regression in Django 2.2 that caused a crash when loading the template \ 
for the technical 500 debug page
Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains an \ 
expression with params
Fixed a regression in Django 2.2 that caused a single instance fast-delete to \ 
not set the primary key to None
Prevented makemigrations from generating infinite migrations for check \ 
constraints and partial indexes when condition contains a range object
Reverted an optimization in Django 2.2
Fixed a regression in Django 2.2 where Paginator crashes if object_list is a \ 
queryset ordered or aggregated over a nested JSONField key transform
Fixed a regression in Django 2.2 where IntegerField validation of database \ 
limits crashes if limit_value attribute in a custom validator is callable
Fixed a regression in Django 2.2 where SearchVector generates SQL that is not \ 
indexable
Fixed a regression in Django 2.2 that caused an exception to be raised when a \ 
custom error handler could not be imported
Relaxed the system check added in Django 2.2 for the admin app’s dependencies \ 
to reallow use of SessionMiddleware subclasses, rather than requiring \ 
django.contrib.sessions to be in INSTALLED_APPS
Increased the default timeout when using Watchman to 5 seconds to prevent \ 
falling back to StatReloader on larger projects and made it customizable via the \ 
DJANGO_WATCHMAN_TIMEOUT environment variable
Fixed a regression in Django 2.2 that caused a crash when migrating permissions \ 
for proxy models if the target permissions already existed. For example, when a \ 
permission had been created manually or a model had been migrated from concrete \ 
to proxy
Fixed a regression in Django 2.2 that caused a crash of runserver when URLConf \ 
modules raised exceptions
Fixed a regression in Django 2.2 where changes were not reliably detected by \ 
auto-reloader when using StatReloader
Fixed a migration crash on Oracle and PostgreSQL when adding a check constraint \ 
with a contains, startswith, or endswith lookup (or their case-insensitive \ 
variant)
Fixed a migration crash on Oracle and SQLite when adding a check constraint with \ 
condition contains | (OR) operator
 Django 2.2.2 release notesDjango 2.2 release notes

2.2:
This version has been designated as a long-term support (LTS) release, which \ 
means that security and data loss fixes will be applied for at least the next \ 
three years. It will also receive fixes for crashing bugs, major functionality \ 
bugs in newly-introduced features, and regressions from older versions of Django \ 
for the next eight months until December 2019.

As always, the release notes cover the salmagundi of new features in detail, but \ 
a few highlights are:
* HttpRequest.headers to allow simple access to a request’s headers.
* Database-level constraints on models.
* Watchman compatibility for runserver to improve the performance of watching a \ 
large number of files for changes.
   2019-05-31 14:40:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.1.8

2.1.8:
Bugfixes
Prevented admin inlines for a ManyToManyField’s implicit through model from \ 
being editable if the user only has the view permission