Navigation:
Browse pkgsrc
(this page)
www py-djang..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2020-06-03 17:29:36 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message: py-django3: updated to 3.0.7 Django 3.0.7 fixes two security issues and several bugs in 3.0.6. CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing \ malformed cache keys could result in a key collision, and potential data \ leakage. In order to avoid this vulnerability, key validation is added to the \ memcached cache backends. CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget Query parameters for the admin ForeignKeyRawIdWidget were not properly URL \ encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query \ parameters are correctly URL encoded. Bugfixes Fixed a regression in Django 3.0 by restoring the ability to use field lookups \ in Meta.ordering. Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ crashed if a queryset contained an aggregation and a subquery annotation. Fixed a regression in Django 3.0 where aggregates used wrong annotations when a \ queryset has multiple subqueries annotations. Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ crashed if a queryset contained an aggregation and an Exists() annotation on \ Oracle. Fixed a regression in Django 3.0 where all resolved Subquery() expressions were \ considered equal. Fixed a regression in Django 3.0.5 that affected translation loading for apps \ providing translations for territorial language variants as well as a generic \ language, where the project has different plural equations for the language. Tracking a jQuery security release, upgraded the version of jQuery used by the \ admin from 3.4.1 to 3.5.1. |
| 2020-05-12 08:55:20 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.0.6 3.0.6: Fixed a regression in Django 3.0 that caused a crash when filtering a Subquery() \ annotation of a queryset containing a single related field against a \ SimpleLazyObject. |
| 2020-04-06 19:01:07 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.0.5 Django 3.0.5: Added the ability to handle .po files containing different plural equations for \ the same language. Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ crashed if a queryset contained an aggregation and Subquery() annotation that \ collides with a field name. |
| 2020-03-12 17:18:54 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.0.4 Django 3.0.4 fixes a security issue and several bugs in 3.0.3. CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \ and aggregates on Oracle GIS functions and aggregates on Oracle were subject to SQL injection, using a \ suitably crafted tolerance. Bugfixes Fixed a data loss possibility when using caching from async code. Fixed a regression in Django 3.0 that caused a file response using a temporary \ file to be closed incorrectly. Fixed a data loss possibility in the select_for_update(). When using related \ fields or parent link fields with Multi-table inheritance in the of argument, \ the corresponding models were not locked. Fixed a regression in Django 3.0 that caused misplacing parameters in logged SQL \ queries on Oracle. Fixed a regression in Django 3.0.3 that caused misplacing parameters of SQL \ queries when subtracting DateField or DateTimeField expressions on MySQL. Fixed a regression in Django 3.0 that didn’t include subqueries spanning \ multivalued relations in the GROUP BY clause |
| 2020-02-17 21:23:22 by Adam Ciarcinski | Files touched by this commit (6) |
Log message: py-django3: added version 3.0.3 What’s new in Django 3.0 MariaDB support ASGI support Exclusion constraints on PostgreSQL Filter expressions Enumerations for model field choices |
New packages: