./www/py-django, Django, a high-level Python Web framework


Branch: CURRENT, Version: 5.1.7, Package name: py312-django-5.1.7, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Filesize: 10465.342 KB

CVS history:


   2025-03-06 17:05:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.7

Django 5.1.7 fixes a security issue with severity “moderate” and several
bugs in 5.1.6.

CVE-2025-26699: Potential denial-of-service vulnerability in django.utils.text.wrap()

The wrap() and wordwrap template filter were subject to a potential
denial-of-service attack when used with very long strings.

Bugfixes

Fixed a bug in Django 5.1 where the {% querystring %} template tag returned an
empty string rather than "?" when all parameters had been removed from
the query string

Fixed a bug in Django 5.1 where FileSystemStorage, with allow_overwrite set to
True, did not truncate the overwritten file content

Fixed a regression in Django 5.1 where the count and exists methods of
ManyToManyField related managers would always return 0 and False when the
intermediary model back references used to_field

Fixed a regression in Django 5.1 where the pre_save and post_save signals for
LogEntry were not sent when deleting a single object in the admin
   2025-03-05 11:40:59 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-django: fix wheel name for latest setuptools and depend on it

Bump PKGREVISION.
   2025-02-05 21:51:59 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.6

Django 5.1.6 fixes several bugs in 5.1.5.

Bugfixes

Fixed a regression in Django 5.1.5 that caused validate_ipv6_address() and
validate_ipv46_address() to crash when handling non-string values

Fixed a regression in Django 5.1 where password fields, despite being set to
required=False, were still treated as required in forms derived from
BaseUserCreationForm
   2025-01-14 16:55:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.5

Django 5.1.5 fixes a security issue with severity “moderate” and one bug in
5.1.4.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack. The undocumented
and private functions clean_ipv6_address and is_valid_ipv6_address were
vulnerable, as was the django.forms.GenericIPAddressField form field, which has
now been updated to define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.

Bugfixes

Fixed a crash when applying migrations with references to the removed
Meta.index_together option
   2024-12-04 21:19:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.4

5.1.4

Django 5.1.4 fixes one security issue with severity “high”, one security
issue with severity “moderate”, and several bugs in 5.1.3.

CVE-2024-53907: Denial-of-service possibility in strip_tags()

strip_tags() would be extremely slow to evaluate certain inputs containing large
sequences of nested incomplete HTML entities. The strip_tags() method is used to
implement the corresponding striptags template filter, which was thus also
vulnerable.

strip_tags() now has an upper limit of recursive calls to HTMLParser before
raising a SuspiciousOperation exception.

Remember that absolutely NO guarantee is provided about the results of
strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags()
call without escaping it first, for example with django.utils.html.escape().

CVE-2024-53908: Potential SQL injection via HasKey(lhs, rhs) on Oracle

Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle was
subject to SQL injection if untrusted data was used as a lhs value.

Applications that use the has_key lookup through the __ syntax are unaffected.

Bugfixes

Fixed a crash in createsuperuser on Python 3.13+ caused by an unhandled OSError
when the username could not be determined

Fixed a regression in Django 5.1 where relational fields were not updated when
calling Model.refresh_from_db() on instances with deferred fields
   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2024-11-05 09:35:58 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.3

Django 5.1.3 fixes several bugs in 5.1.2 and adds compatibility with Python 3.13.

Bugfixes

Fixed a bug in Django 5.1 where DomainNameValidator accepted any input value
that contained a valid domain name, rather than only input values that were a
valid domain name

Fixed a regression in Django 5.1 that prevented the use of DB-IP databases with
GeoIP2

Fixed a regression in Django 5.1 where non-ASCII fieldset names were not
displayed when rendering admin fieldsets
   2024-10-14 08:46:10 by Thomas Klausner | Files touched by this commit (325)
Log message:
*: clean-up after python38 removal