./www/py-django, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 5.1.4, Package name: py312-django-5.1.4, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

DEINSTALL [+/-]

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 10465.231 KB

Version history: (Expand)

CVS history: (Expand)


   2024-12-04 21:19:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.4

5.1.4

Django 5.1.4 fixes one security issue with severity “high”, one security \ 
issue with severity “moderate”, and several bugs in 5.1.3.

CVE-2024-53907: Denial-of-service possibility in strip_tags()

strip_tags() would be extremely slow to evaluate certain inputs containing large \ 
sequences of nested incomplete HTML entities. The strip_tags() method is used to \ 
implement the corresponding striptags template filter, which was thus also \ 
vulnerable.

strip_tags() now has an upper limit of recursive calls to HTMLParser before \ 
raising a SuspiciousOperation exception.

Remember that absolutely NO guarantee is provided about the results of \ 
strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() \ 
call without escaping it first, for example with django.utils.html.escape().

CVE-2024-53908: Potential SQL injection via HasKey(lhs, rhs) on Oracle

Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle was \ 
subject to SQL injection if untrusted data was used as a lhs value.

Applications that use the has_key lookup through the __ syntax are unaffected.

Bugfixes

Fixed a crash in createsuperuser on Python 3.13+ caused by an unhandled OSError \ 
when the username could not be determined

Fixed a regression in Django 5.1 where relational fields were not updated when \ 
calling Model.refresh_from_db() on instances with deferred fields
   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862) 
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2024-11-05 09:35:58 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.1.3

Django 5.1.3 fixes several bugs in 5.1.2 and adds compatibility with Python 3.13.

Bugfixes

Fixed a bug in Django 5.1 where DomainNameValidator accepted any input value \ 
that contained a valid domain name, rather than only input values that were a \ 
valid domain name

Fixed a regression in Django 5.1 that prevented the use of DB-IP databases with \ 
GeoIP2

Fixed a regression in Django 5.1 where non-ASCII fieldset names were not \ 
displayed when rendering admin fieldsets
   2024-10-14 08:46:10 by Thomas Klausner | Files touched by this commit (325) 
Log message:
*: clean-up after python38 removal
   2024-10-08 19:42:20 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django: updated to 5.1.2

5.1.2

Fixed a regression in Django 5.1 that caused a crash when using the PostgreSQL \ 
lookup trigram_similar on output fields from Concat
Fixed a regression in Django 5.1 that caused a crash of JSONObject() when using \ 
server-side binding with PostgreSQL 16+
Fixed a regression in Django 5.1 that made selected items in multi-select \ 
widgets indistinguishable from non-selected items in the admin dark theme
   2024-05-07 20:16:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.0.6

Django 5.0.6 fixes a packaging error in 5.0.5.
   2024-05-07 05:55:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.0.5

Django 5.0.5 fixes several bugs in 5.0.4.

Fixed a bug in Django 5.0 that caused a crash of Model.save() when creating an \ 
instance of a model with a GeneratedField and providing a primary key
Fixed a compatibility issue encountered in Python 3.11.9+ and 3.12.3+ when \ 
validating email max line lengths with content decoded using the surrogateescape \ 
error handling scheme
Fixed a bug in Django 5.0 that caused a crash when applying migrations including \ 
alterations to GeneratedField such as setting db_index=True on SQLite
Allowed importing aprefetch_related_objects from django.db.models
Fixed a bug in Django 5.0 that caused a migration crash when a GeneratedField \ 
was added before any of the referenced fields from its expression definition
Fixed a bug in Django 5.0 that caused a migration crash when altering a \ 
GeneratedField referencing a renamed field
Fixed a bug in Django 5.0 where the querysets argument of GenericPrefetch was \ 
not required
   2024-04-05 12:40:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 5.0.4

Django 5.0.4 fixes several bugs in 5.0.3.

Bugfixes

Fixed a bug in Django 5.0 that caused a crash of Model.full_clean() on fields \ 
with expressions in db_default. As a consequence, Model.full_clean() no longer \ 
validates for empty values in fields with db_default
Fixed a regression in Django 5.0 where the AdminFileWidget could be rendered \ 
with two id attributes on the “Clear” checkbox
Fixed a bug in Django 5.0 that caused a migration crash on PostgreSQL 15+ when \ 
adding a partial UniqueConstraint with nulls_distinct
Fixed a crash in Django 5.0 when performing queries involving table aliases and \ 
lookups on a GeneratedField of the aliased table
Fixed a bug in Django 5.0 that caused a migration crash when adding a \ 
GeneratedField relying on the __contains or __icontains lookups or using a Value \ 
containing a "%"