./www/py-django3, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.1.7, Package name: py38-django-3.1.7, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 7f08108d90fac2862f8db9344def74229830bc88
RMD160: 3f4a7e32347b3e81ee1a8856c5c03772653d0ca3
Filesize: 9446.298 KB

Version history: (Expand)


CVS history: (Expand)


   2021-03-01 13:43:26 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.1.7

Django 3.1.7 fixes a security issue and a bug in 3.1.6.

CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()

Django contains a copy of urllib.parse.parse_qsl() which was added to backport \ 
some security fixes. A further security fix has been issued recently such that \ 
parse_qsl() no longer allows using ; as a query parameter separator by default. \ 
Django now includes this fix. See bpo-42967 for further details.

Bugfixes

Fixed a regression in Django 3.1 that caused RuntimeError instead of connection \ 
errors when using only the 'postgres' database
   2021-02-05 08:55:02 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.1.6

Django 3.1.6 fixes a security issue with severity “low” and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and \ 
startproject --template, allowed directory-traversal via an archive with \ 
absolute paths or relative paths with dot segments.

Bugfixes

Fixed an admin layout issue in Django 3.1 where changelist filter controls would \ 
become squashed
   2021-01-06 13:17:15 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.1.5

Django 3.1.5 fixes several bugs in 3.1.4.

Fixed __isnull=True lookup on key transforms for JSONField with Oracle and SQLite.
Fixed a bug in Django 3.1 that caused a crash when processing middlewares in an \ 
async context with a middleware that raises a MiddlewareNotUsed exception.
Fixed a regression in Django 3.1 that caused the incorrect prefixing of \ 
STATIC_URL and MEDIA_URL settings, by the server-provided value of SCRIPT_NAME \ 
(or / if not set), when set to a URL specifying the protocol but without a \ 
top-level domain, e.g. http://myhost/
   2020-12-03 19:10:48 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 3.1.4

Django 3.1.4 fixes several bugs in 3.1.3.

Bugfixes

Fixed setting the Content-Length HTTP header in AsyncRequestFactory.
Fixed passing extra HTTP headers to AsyncRequestFactory request methods.
Fixed crash of key transforms for JSONField on PostgreSQL when using on a \ 
Subquery() annotation.
Fixed a regression in Django 3.1 that caused a crash of auto-reloader for \ 
certain invocations of runserver on Windows with Python 3.7 and below.
Fixed a regression in Django 3.1 that caused the incorrect grouping by a Q \ 
object annotation.
Fixed a regression in Django 3.1 that caused suppressing connection errors when \ 
JSONField is used on SQLite.
Fixed a crash on SQLite, when QuerySet.values()/values_list() contained key \ 
transforms for JSONField returning non-string primitive values
   2020-11-02 12:12:01 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.1.3

Django 3.1.3 fixes several bugs in 3.1.2 and adds compatibility with Python 3.9.

Bugfixes

Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin \ 
changelist search bar
Fixed a regression in Django 3.1.2 that caused the incorrect width of the admin \ 
changelist search bar on a filtered page
Fixed displaying Unicode characters in forms.JSONField and read-only \ 
models.JSONField values in the admin
Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg \ 
with ordering on key transforms for JSONField
Fixed a regression in Django 3.1 that caused a crash of __in lookup when using \ 
key transforms for JSONField in the lookup value
Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with \ 
key transforms for JSONField
Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL \ 
when adding an ExclusionConstraint with key transforms for JSONField in \ 
expressions
Fixed a regression in Django 3.1 where ProtectedError.protected_objects and \ 
RestrictedError.restricted_objects attributes returned iterators instead of set \ 
of objects
Fixed a regression in Django 3.1.2 that caused incorrect form input layout on \ 
small screens in the admin change form view
Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset \ 
tokens
Added support for asgiref 3.3
Fixed a regression in Django 3.1 that caused incorrect textarea layout on \ 
medium-sized screens in the admin change form view with the sidebar open
Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases in the \ 
GROUP BY clause
   2020-10-02 04:14:03 by Wen Heping | Files touched by this commit (2) | Package updated
Log message:
Update to 3.1.2

Upstream changes:
Django 3.1.2 release notes¶

October 1, 2020

Django 3.1.2 fixes several bugs in 3.1.1.
Bugfixes¶

    Fixed a bug in Django 3.1 where FileField instances with a callable storage \ 
were not correctly deconstructed (#31941).
    Fixed a regression in Django 3.1 where the QuerySet.ordered attribute \ 
returned incorrectly True for GROUP BY queries (e.g. .annotate().values()) on \ 
models with Meta.ordering. A model’s Meta.ordering doesn’t affect such \ 
queries (#31990).
    Fixed a regression in Django 3.1 where a queryset would crash if it \ 
contained an aggregation and a Q object annotation (#32007).
    Fixed a bug in Django 3.1 where a test database was not synced during \ 
creation when using the MIGRATE test database setting (#32012).
    Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a \ 
GenericRelation (#32038).
    Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar \ 
would not scroll for a long list of available filters (#31986).
   2020-09-10 11:37:17 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django3: updated to 3.1.1

Django 3.1.1 fixes two security issues and several bugs in 3.1.

CVE-2020-24583: Incorrect permissions on intermediate-level directories on \ 
Python 3.7+

On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to \ 
intermediate-level directories created in the process of uploading files and to \ 
intermediate-level collected static directories when using the collectstatic \ 
management command.

You should review and manually fix permissions on existing intermediate-level \ 
directories.

CVE-2020-24584: Permission escalation in intermediate-level directories of the \ 
file system cache on Python 3.7+

On Python 3.7+, the intermediate-level directories of the file system cache had \ 
the system’s standard umask rather than 0o077 (no group or others \ 
permissions).

Bugfixes

Fixed wrapping of translated action labels in the admin’s navigation sidebar \ 
for East Asian languages.
Fixed wrapping of long model names in the admin’s navigation sidebar.
Fixed encoding session data while upgrading multiple instances of the same \ 
project to Django 3.1.
Adjusted admin’s navigation sidebar template to reduce debug logging when \ 
rendering.
Fixed a data loss possibility in the select_for_update(). When using related \ 
fields pointing to a proxy model in the of argument, the corresponding model was \ 
not locked.
Fixed a data loss possibility, following a regression in Django 2.0, when \ 
copying model instances with a cached fields value.
Fixed a regression in Django 3.1 that caused a crash when decoding an invalid \ 
session data.
Reverted a deprecation in Django 3.1 that caused a crash when passing deprecated \ 
keyword arguments to a queryset in TemplateView.get_context_data().
Enforced thread sensitivity of the MiddlewareMixin.process_request() and \ 
process_response() hooks when in an async context.
Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, \ 
and SQLite.
Fixed a regression in Django 3.1 that caused permission errors in \ 
CommonPasswordValidator and settings.py generated by the startproject command, \ 
when user didn’t have permissions to all intermediate directories in a Django \ 
installation path.
Fixed detecting an async get_response callable in various builtin middlewares.
Fixed a QuerySet.order_by() crash on PostgreSQL when ordering and grouping by \ 
JSONField with a custom decoder.
Fixed a QuerySet.delete() crash on MySQL, following a performance regression in \ 
Django 3.1 on MariaDB 10.3.2+, when filtering against an aggregate function.
Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on reverse \ 
relations.
Prevented content overflowing in the admin changelist view when the navigation \ 
sidebar is enabled

What’s new in Django 3.1
Asynchronous views and middleware support
JSONField for all supported database backends
DEFAULT_HASHING_ALGORITHM settings
   2020-07-08 17:08:31 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.0.8

Django 3.0.8 fixes several bugs in 3.0.7.

Bugfixes

Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised \ 
by cache key validation.
Fixed a regression in Django 3.0.7 that caused a queryset crash when grouping by \ 
a many-to-one relationship.
Reallowed, following a regression in Django 3.0, non-expressions having a \ 
filterable attribute to be used as the right-hand side in queryset filters.
Fixed a regression in Django 3.0.2 that caused a migration crash on PostgreSQL \ 
when adding a foreign key to a model with a namespaced db_table.
Added compatibility for cx_Oracle 8