2015-01-14 18:07:12 by Adam Ciarcinski | Files touched by this commit (4) |
Log message:
Fixed security issues:
* WSGI header spoofing via underscore/dash conflation
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against django.views.static.serve
* Database denial-of-service with ModelMultipleChoiceField
|
2015-01-07 00:07:32 by Joerg Sonnenberger | Files touched by this commit (1) |
Log message:
Python 2.6 is no longer supported.
|
2015-01-03 16:47:21 by Adam Ciarcinski | Files touched by this commit (6) |
Log message:
Django 1.7.2 fixes several bugs in 1.7.1.
Additionally, Django's vendored version of six, django.utils.six, has been upgraded to the latest release (1.9.0).
|
2014-11-23 15:05:13 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.8:
This release fixes a couple regressions in the 1.6.6 security release.
Bugfixes
Allowed related many-to-many fields to be referenced in the admin
Allowed inline and hidden references to admin fields
|
2014-08-23 13:13:01 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.6:
Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
|
2014-05-20 13:06:26 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.5:
These releases address a caching issue which might lead to cache poisoning and an incorrect validation of safe redirect targets. Since these issues will affect the majority of users we strongly encourage everyone to upgrade.
|
2014-05-09 09:37:28 by Thomas Klausner | Files touched by this commit (553) |
Log message:
Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
|
2014-05-03 20:19:30 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.4:
Shortly after last week's security releases were issued, we received reports of a potential regression in using reverse() with views created by functools.partial. We were able to confirm the bug, and test and commit a fix for it.
|
2014-04-22 20:05:22 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.3:
These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade as soon as possible.
|
2014-02-09 09:09:04 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
Changes 1.6.2:
Prevented the base geometry object of a prepared geometry from being garbage collected, which could crash Django.
Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters.
The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory.
Fixed mail encoding on Python 3.3.3+.
Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn't in autocommit mode but Django pretended it was.
Fixed a regression in multiple-table inheritance exclude() queries.
Added missing items to django.utils.timezone.__all__.
Fixed a field misalignment issue with select_related() and model inheritance.
Fixed join promotion for negated AND conditions.
Oracle database introspection now works with boolean and float fields.
Fixed an issue where lazy objects weren't actually marked as safe when passed through mark_safe() and could end up being double-escaped.
|