2019-09-04 10:31:06 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.24 Django 1.11.24 fixes a regression in 1.11.23. Bugfixes Fixed crash of KeyTransform() for JSONField and HStoreField when using on \ expressions with params |
2019-08-06 11:30:46 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.23 Django 1.11.23: * CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator * CVE-2019-14233: Denial-of-service possibility in strip_tags() * CVE-2019-14234: SQL injection possibility in key and index lookups for \ JSONField/HStoreField * CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() |
2019-07-01 20:23:53 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.22 Django 1.11.22: Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS |
2019-06-03 14:33:00 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.21 Django 1.11.21 release notes CVE-2019-12308: AdminURLFieldWidget XSS The clickable “Current URL” link generated by AdminURLFieldWidget displayed \ the provided value without validating it as a safe URL. Thus, an unvalidated \ value stored in the database, or a value provided as a URL query parameter \ payload, could result in an clickable JavaScript link. AdminURLFieldWidget now validates the provided value using URLValidator before \ displaying the clickable link. You may customise the validator by passing a \ validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using \ formfield_overrides. |
2019-02-12 14:11:56 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.20 1.11.20: Bugfixes Corrected packaging error from 1.11.19 1.11.19: CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() – used by contrib.admin as well as the \ the floatformat, filesizeformat, and intcomma templates filters – received a \ Decimal with a large number of digits or a large exponent, it could lead to \ significant memory usage due to a call to '{:f}'.format(). To avoid this, decimals with more than 200 digits are now formatted using \ scientific notation. |
2019-01-04 23:07:35 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.18 Django 1.11.18 fixes a security issue in 1.11.17. CVE-2019-3498: Content spoofing possibility in the default 404 page |
2018-12-03 19:59:35 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message: py-django: updated to 1.11.17 Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7. Bugfixes: Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an \ attempt to fix a random crash involving LooseVersion since Django 1.11.14. |
2018-10-02 10:06:45 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.16 Django 1.11.16: Fixed a race condition in QuerySet.update_or_create() that could result in data loss |
2018-08-02 16:02:21 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.5 1.11.5: Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if \ the project has a URL pattern that accepts any path ending in a slash (many \ content management systems have such a pattern), then a request to a maliciously \ crafted URL of that site could lead to a redirect to another site, enabling \ phishing and other attacks. CommonMiddleware now escapes leading slashes to prevent redirects to other domains. |
2018-07-03 08:42:27 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: py-django: updated to 1.11.4 Django 1.11.14: Bugfixes: Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+. Fixed a regression in Django 1.10 that could result in large memory usage when \ making edits using ModelAdmin.list_editable |