./www/py-django, Django, a high-level Python Web framework


Branch: CURRENT, Version: 1.11.29, Package name: py37-django-1.11.29, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: e71620c18c985d8f5381bd87c02dbd23f1f48dd0
RMD160: 9681f055495b96a2fce3473c4040362392786e9f
Filesize: 7790.934 KB


CVS history:


   2020-03-12 17:22:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.29

Django 1.11.29 fixes a security issue in 1.11.28.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions
and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a
suitably crafted tolerance.
   2020-02-04 18:23:11 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.28

Django 1.11.28 fixes a security issue:
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably
crafted delimiter.
   2019-12-19 14:39:50 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.27

Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.

CVE-2019-19844: Potential account hijack via password reset form

By submitting a suitably crafted email address making use of Unicode characters,
that compared equal to an existing user email when lower-cased for comparison,
an attacker could be sent a password reset token for the matched account.

In order to avoid this vulnerability, password reset requests now compare the
submitted email using the stricter, recommended algorithm for case-insensitive
comparison of two identifiers from Unicode Technical Report 36, section
2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to
the email address on record rather than the submitted address.

Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with
  ArrayField(BooleanField()), all values after the first True value were marked as
  checked instead of preserving passed values
   2019-11-05 08:40:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.26

Django 1.11.26:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or
has_any_keys lookup on JSONField, if the right or left hand side of an
expression is a key transform.
   2019-10-01 19:56:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.25

Django 1.11.25:
Fixed a crash when filtering with a Subquery() annotation of a queryset
containing JSONField or HStoreField
   2019-09-04 10:31:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.24

Django 1.11.24 fixes a regression in 1.11.23.

Bugfixes
Fixed crash of KeyTransform() for JSONField and HStoreField when using on
expressions with params
   2019-08-06 11:30:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.23

Django 1.11.23:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for
  JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
   2019-07-01 20:23:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.22

Django 1.11.22:
Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS