./www/py-django2, Django, a high-level Python Web framework



Branch: CURRENT, Version: 2.2.19, Package name: py38-django-2.2.19, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 7aef80dd858d268cc7dc15e8f3b5a43a5252edda
RMD160: 92fe0035ec141c915a5e06319a2f85755f7938e4
Filesize: 8993.588 KB

CVS history:


   2021-03-01 13:44:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.19

Django 2.2.19 fixes a security issue in 2.2.18.

CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()

Django contains a copy of urllib.parse.parse_qsl() which was added to backport
some security fixes. A further security fix has been issued recently such that
parse_qsl() no longer allows using ; as a query parameter separator by default.
Django now includes this fix. See bpo-42967 for further details.
   2021-02-05 08:52:37 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.18

Django 2.2.18 fixes a security issue with severity “low” in 2.2.17.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and
startproject --template, allowed directory-traversal via an archive with
absolute paths or relative paths with dot segments.
   2020-11-02 12:09:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.17

Django 2.2.17 adds compatibility with Python 3.9.
   2020-09-10 11:32:28 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.16

Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.

CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+

On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to
intermediate-level directories created in the process of uploading files and to
intermediate-level collected static directories when using the collectstatic
management command.

You should review and manually fix permissions on existing intermediate-level
directories.

CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+

On Python 3.7+, the intermediate-level directories of the file system cache had
the system’s standard umask rather than 0o077 (no group or others
permissions).

Bugfixes

Fixed a data loss possibility in the select_for_update(). When using related
fields pointing to a proxy model in the of argument, the corresponding model was
not locked.
Fixed a data loss possibility, following a regression in Django 2.0, when
copying model instances with a cached fields value.

Django 2.2.15 fixes two bugs in 2.2.14.

Bugfixes

Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie().
Fixed crash when sending emails to addresses with display names longer than 75
chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.
   2020-07-08 17:11:23 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.14

Django 2.2.14 fixes a bug in 2.2.13.

Bugfixes

Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised
by cache key validation.
   2020-06-03 17:28:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.13

Django 2.2.13 fixes two security issues and a regression in 2.2.12.

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to the
memcached cache backends.

CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query
parameters are correctly URL encoded.

Bugfixes

Fixed a regression in Django 2.2.12 that affected translation loading for apps
providing translations for territorial language variants as well as a generic
language, where the project has different plural equations for the language.
Tracking a jQuery security release, upgraded the version of jQuery used by the
admin from 3.3.1 to 3.5.1.
   2020-04-06 18:58:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.12

Django 2.2.12:
Added the ability to handle .po files containing different plural equations for
the same language.
   2020-03-12 17:21:02 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.11

Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a
suitably crafted tolerance.

Bugfixes

Fixed a data loss possibility in the select_for_update(). When using related
fields or parent link fields with Multi-table inheritance in the of argument,
the corresponding models were not locked.