Subject: CVS commit: pkgsrc/www/py-django3
From: Adam Ciarcinski
Date: 2021-03-01 13:43:26
Message id: 20210301124326.3A899FA95@cvs.NetBSD.org

Log Message:
py-django3: updated to 3.1.7

Django 3.1.7 fixes a security issue and a bug in 3.1.6.

CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()

Django contains a copy of urllib.parse.parse_qsl() which was added to backport \ 
some security fixes. A further security fix has been issued recently such that \ 
parse_qsl() no longer allows using ; as a query parameter separator by default. \ 
Django now includes this fix. See bpo-42967 for further details.

Bugfixes

Fixed a regression in Django 3.1 that caused RuntimeError instead of connection \ 
errors when using only the 'postgres' database

Files:
RevisionActionfile
1.13modifypkgsrc/www/py-django3/Makefile
1.13modifypkgsrc/www/py-django3/distinfo