./www/py-django2, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.12, Package name: py37-django-2.2.12, Maintainer: joerg

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 5df3303956e1e7f506dc382a79375276131ac709
RMD160: f2fc964169a46a083da047193ffb0be88afd55fa
Filesize: 8669.005 KB

Version history: (Expand)


CVS history: (Expand)


   2020-04-06 18:58:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.12

Django 2.2.12:
Added the ability to handle .po files containing different plural equations for \ 
the same language
   2020-03-12 17:21:02 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.11

Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \ 
and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a \ 
suitably crafted tolerance.

Bugfixes

Fixed a data loss possibility in the select_for_update(). When using related \ 
fields or parent link fields with Multi-table inheritance in the of argument, \ 
the corresponding models were not locked
   2020-02-04 18:25:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.10

Django 2.2.10 fixes a security issue:
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably \ 
crafted delimiter.
   2019-12-19 14:40:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.9

Django 2.2.9 fixes a security issue and a data loss bug in 2.2.8.

CVE-2019-19844: Potential account hijack via password reset form

By submitting a suitably crafted email address making use of Unicode characters, \ 
that compared equal to an existing user email when lower-cased for comparison, \ 
an attacker could be sent a password reset token for the matched account.

In order to avoid this vulnerability, password reset requests now compare the \ 
submitted email using the stricter, recommended algorithm for case-insensitive \ 
comparison of two identifiers from Unicode Technical Report 36, section \ 
2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to \ 
the email address on record rather than the submitted address.

Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with \ 
ArrayField(BooleanField()), all values after the first True value were marked as \ 
checked instead of preserving passed values
   2019-12-02 12:46:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.8

2.2.8:
* CVE-2019-19118: Privilege escalation in the Django admin.
* Fixed a data loss possibility in the admin changelist view when a custom \ 
formset’s prefix contains regular expression special characters, e.g. ‘$’.
* Fixed a regression in Django 2.2.1 that caused a crash when migrating \ 
permissions for proxy models with a multiple database setup if the default entry \ 
was empty.
* Fixed a data loss possibility in the select_for_update(). When using 'self' in \ 
the of argument with multi-table inheritance, a parent model was locked instead \ 
of the queryset’s model
   2019-11-05 08:44:24 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.7

Django 2.2.7:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or \ 
has_any_keys lookup on JSONField, if the right or left hand side of an \ 
expression is a key transform.
Prevented migrate --plan from showing that RunPython operations are irreversible \ 
when reverse_code callables don’t have docstrings or when showing a forward \ 
migration plan.
Fixed migrations crash on PostgreSQL when adding an Index with fields ordering \ 
and opclasses.
Restored the ability to override get_FOO_display().
   2019-10-01 19:58:37 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.6

Django 2.2.6:
Fixed migrations crash on SQLite when altering a model containing partial indexes.
Fixed a regression in Django 2.2.4 that caused a crash when filtering with a \ 
Subquery() annotation of a queryset containing JSONField or HStoreField.
   2019-09-04 10:31:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django2: updated to 2.2.5

Django 2.2.5 fixes several bugs in 2.2.4.

Bugfixes

Relaxed the system check added in Django 2.2 for models to reallow use of the \ 
same db_table by multiple models when database routers are installed.
Fixed crash of KeyTransform() for JSONField and HStoreField when using on \ 
expressions with params.
Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign \ 
objects don’t respect a model’s Meta.ordering.
Fixed a race condition in loading URLconf module that could cause a crash of \ 
auto-reloader on Python 3.5 and below