Subject: CVS commit: pkgsrc/www/py-django3
From: Adam Ciarcinski
Date: 2021-06-05 09:22:03
Message id: 20210605072204.0CB28FA95@cvs.NetBSD.org

Log Message:
py-django3: updated to 3.2.4

Django 3.2.4 fixes two security issues and several bugs in 3.2.3.

CVE-2021-33203: Potential directory traversal via admindocs

Staff members could use the admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed.

As a mitigation, path sanitation is now applied and only files within the template root directories can be loaded.

CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses

URLValidator, validate_ipv4_address(), and validate_ipv46_address() didn’t prohibit leading zeros in octal literals. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks.

validate_ipv4_address() and validate_ipv46_address() validators were not affected on Python 3.9.5+.

Bugfixes

Fixed a bug in Django 3.2 where a final catch-all view in the admin didn’t respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page
Fixed a bug in Django 3.2 where a system check would crash on an abstract model
Prevented unnecessary initialization of unused caches following a regression in Django 3.2
Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed
Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings
Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment
Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL

Files:
Revision  Action  file
1.16      modify  pkgsrc/www/py-django3/Makefile
1.16      modify  pkgsrc/www/py-django3/distinfo
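The "path sanitation" the log message mentions for CVE-2021-33203 is a prefix check on the resolved path. The following is an added example, not Django's own code or anything from the pkgsrc package: a small safe_join() that refuses names escaping a template root, a template_exists() lookup that only reports existence inside the configured roots, and a helper that builds a throwaway root with a constructed sample template so it runs offline. The class and function names are this example's own and only mimic the shape of the Django helpers.

```python
"""Added example (not Django's code): keep a user-supplied template name inside
the configured template root directories before checking whether it exists."""
import os
import tempfile


class SuspiciousFileOperation(Exception):
    """Raised when a joined path does not stay under its root."""


def safe_join(root: str, *paths: str) -> str:
    """Join *paths under root and refuse any result that escapes root.

    Both the root and the candidate go through realpath, so "..", symlinks
    and an absolute component (os.path.join("/srv/t", "/etc/passwd") returns
    "/etc/passwd" and silently drops the root) all reduce to one prefix test.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *paths))
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        raise SuspiciousFileOperation(f"{os.path.join(*paths)!r} escapes {root!r}")
    return candidate


def escapes(root: str, name: str) -> bool:
    """True if name would resolve outside root."""
    try:
        safe_join(root, name)
    except SuspiciousFileOperation:
        return True
    return False


def template_exists(template_roots, name: str) -> bool:
    """Existence check limited to the template roots.

    A name that escapes a root is skipped for that root rather than probed,
    so the caller learns nothing about files outside the roots. Only
    existence is reported; nothing is read.
    """
    for root in template_roots:
        try:
            path = safe_join(root, name)
        except SuspiciousFileOperation:
            continue
        if os.path.isfile(path):
            return True
    return False


def make_demo_root() -> str:
    """Create a throwaway template root holding admin/index.html (constructed
    sample data for this example) and return its path."""
    root = tempfile.mkdtemp(prefix="tpl-root-")
    os.makedirs(os.path.join(root, "admin"))
    with open(os.path.join(root, "admin", "index.html"), "w") as fh:
        fh.write("<h1>demo</h1>\n")
    return root


if __name__ == "__main__":
    demo_root = make_demo_root()
    for candidate in ("admin/index.html", "admin/missing.html",
                      "../../etc/passwd", "/etc/passwd",
                      "admin/../../../../etc/passwd"):
        print(f"{candidate!r}: exists={template_exists([demo_root], candidate)}")
```

The absolute-path case is the one most often missed: os.path.join() with an absolute second argument discards the root, so a check that only normalises ".." still lets "/etc/passwd" through. Resolving both sides with realpath before comparing also covers a symlink placed inside the root that points outside it.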
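The word "indeterminate" in the CVE-2021-33571 entry is the whole point: a string like "010.0.0.1" passes a permissive validator, but downstream consumers disagree about which address it names. The following is an added example, not Django's code: a lenient octet pattern constructed here to tolerate leading zeros the way the advisory describes, a strict pattern (modelled on the kind of pattern a fixed validator uses; an assumption, check django/core/validators.py for the real one), and an interpretations() helper showing how a naive base-10 reading, the C library's inet_aton() and Python's ipaddress module each parse the same string.

```python
"""Added example (not Django's code): why leading zeros in IPv4 octets make an
address string ambiguous, and a validator that rejects them."""
import ipaddress
import re
import socket

# Constructed for this example: an octet pattern that tolerates leading zeros.
# "[0-1]?\d?\d" matches "010" and "001" just as readily as "10" and "1".
LENIENT_IPV4_RE = re.compile(
    r"(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}"
)

# Strict octet pattern (assumed shape of a fixed validator): a lone "0", or a
# number whose first digit is 1-9, so "010" and "001" no longer match.
STRICT_IPV4_RE = re.compile(
    r"(?:0|25[0-5]|2[0-4]\d|1\d?\d?|[1-9]\d?)"
    r"(?:\.(?:0|25[0-5]|2[0-4]\d|1\d?\d?|[1-9]\d?)){3}"
)


def lenient_is_ipv4(value: str) -> bool:
    """Accepts leading zeros (the behaviour the advisory describes)."""
    return LENIENT_IPV4_RE.fullmatch(value) is not None


def strict_is_ipv4(value: str) -> bool:
    """Rejects any octet written with a leading zero."""
    return STRICT_IPV4_RE.fullmatch(value) is not None


def has_leading_zero_octet(value: str) -> bool:
    """True if any dotted octet is written like "010" or "00"."""
    return any(len(o) > 1 and o[0] == "0" for o in value.split("."))


def interpretations(value: str) -> dict:
    """Read one dotted-quad string the way three different consumers would.

    decimal   - every octet in base 10, the reading a naive validator assumes
    inet_aton - the C library's inet_aton(), which treats a leading 0 as octal
                (so "010" is 8) and fails outright on "08" or "09"
    ipaddress - Python's ipaddress module; None where it refuses the string
                (it rejects leading zeros on 3.9.5+, which is why the
                ipaddress-based validators were unaffected there)
    """
    out = {"decimal": ".".join(str(int(o, 10)) for o in value.split("."))}
    try:
        out["inet_aton"] = socket.inet_ntoa(socket.inet_aton(value))
    except OSError:
        out["inet_aton"] = None
    try:
        out["ipaddress"] = str(ipaddress.IPv4Address(value))
    except ValueError:
        out["ipaddress"] = None
    return out


def demo() -> None:
    for candidate in ("10.0.0.1", "010.0.0.1", "08.0.0.1", "192.168.001.001"):
        print(candidate,
              "lenient:", lenient_is_ipv4(candidate),
              "strict:", strict_is_ipv4(candidate),
              interpretations(candidate))


if __name__ == "__main__":
    demo()
```

Run the demo and compare the "decimal" and "inet_aton" readings of "010.0.0.1": the validator's author pictured 10.0.0.1, the resolver connects to 8.0.0.1, and an allow-list keyed on the former (an internal-network deny rule, for instance) is bypassed by the latter. Rejecting the leading zero at validation time removes the ambiguity instead of trying to pick a winner.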