./www/py-django3, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.2.13, Package name: py39-django-3.2.13, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 9583.97 KB

Version history: (Expand)


CVS history: (Expand)


   2022-04-20 14:29:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.13

Django 3.2.13 fixes two security issues with severity “high” in 3.2.12 and a \ 
regression in 3.2.4.

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and \ 
extra()

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL \ 
injection in column aliases, using a suitably crafted dictionary, with \ 
dictionary expansion, as the **kwargs passed to these methods.

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL

QuerySet.explain() method was subject to SQL injection in option names, using a \ 
suitably crafted dictionary, with dictionary expansion, as the **options \ 
argument.

Bugfixes

Fixed a regression in Django 3.2.4 that caused the auto-reloader to no longer \ 
detect changes when the DIRS option of the TEMPLATES setting contained an empty \ 
string
   2022-02-02 11:23:41 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.12

Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.

CVE-2022-22818: Possible XSS via {% debug %} template tag

CVE-2022-23833: Denial-of-service possibility in file uploads
   2022-01-19 10:51:25 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.11

Django 3.2.11 fixes one security issue with severity “medium” and two \ 
security issues with severity “low” in 3.2.10.
- CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
- CVE-2021-45116: Potential information disclosure in dictsort template filter
- CVE-2021-45452: Potential directory-traversal via Storage.save()
   2022-01-05 16:51:59 by Thomas Klausner | Files touched by this commit (4)
Log message:
py-django*: switch to USE_PKG_RESOURCES
   2022-01-05 11:09:54 by Thomas Klausner | Files touched by this commit (4)
Log message:
py-django*: add dependency on py-setuptools

These use pkg_resources.

Noted by joerg.

Bump PKGREVISION.
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-12-14 10:00:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.10

3.2.10:

CVE-2021-44420: Potential bypass of an upstream access control based on URL paths¶

HTTP requests for URLs with trailing newlines could bypass an upstream access \ 
control based on URL paths.

Bugfixes

Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with \ 
BinaryField on PostgreSQL, which is memoryview-backed
   2021-11-04 14:37:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.9

Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10.

Bugfixes

Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering \ 
a field with a functional index