pkgsrc.se | The NetBSD package collection

./www/py-django3, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.0.8, Package name: py37-django-3.0.8, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.

Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 8c2054f2939d443096649cbdce0188718a183316
RMD160: d58aa02149f2009e3d39c4db273926f75d7504c4
Filesize: 8867.901 KB

Version history: (Expand)

(2020-07-12) Updated to version: py37-django-3.0.8
(2020-06-03) Updated to version: py37-django-3.0.7
(2020-05-12) Updated to version: py37-django-3.0.6
(2020-04-06) Updated to version: py37-django-3.0.5
(2020-03-12) Updated to version: py37-django-3.0.4
(2020-02-18) Package added to pkgsrc.se, version py37-django-3.0.3 (created)

CVS history: (Expand)

2020-07-08 17:08:31 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-django3: updated to 3.0.8

Django 3.0.8 fixes several bugs in 3.0.7.

Bugfixes

Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised \ 
by cache key validation.
Fixed a regression in Django 3.0.7 that caused a queryset crash when grouping by \ 
a many-to-one relationship.
Reallowed, following a regression in Django 3.0, non-expressions having a \ 
filterable attribute to be used as the right-hand side in queryset filters.
Fixed a regression in Django 3.0.2 that caused a migration crash on PostgreSQL \ 
when adding a foreign key to a model with a namespaced db_table.
Added compatibility for cx_Oracle 8

2020-06-03 17:29:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-django3: updated to 3.0.7

Django 3.0.7 fixes two security issues and several bugs in 3.0.6.

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing \ 
malformed cache keys could result in a key collision, and potential data \ 
leakage. In order to avoid this vulnerability, key validation is added to the \ 
memcached cache backends.

CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

Query parameters for the admin ForeignKeyRawIdWidget were not properly URL \ 
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query \ 
parameters are correctly URL encoded.

Bugfixes

Fixed a regression in Django 3.0 by restoring the ability to use field lookups \ 
in Meta.ordering.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ 
crashed if a queryset contained an aggregation and a subquery annotation.
Fixed a regression in Django 3.0 where aggregates used wrong annotations when a \ 
queryset has multiple subqueries annotations.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ 
crashed if a queryset contained an aggregation and an Exists() annotation on \ 
Oracle.
Fixed a regression in Django 3.0 where all resolved Subquery() expressions were \ 
considered equal.
Fixed a regression in Django 3.0.5 that affected translation loading for apps \ 
providing translations for territorial language variants as well as a generic \ 
language, where the project has different plural equations for the language.
Tracking a jQuery security release, upgraded the version of jQuery used by the \ 
admin from 3.4.1 to 3.5.1.

2020-05-12 08:55:20 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-django3: updated to 3.0.6

3.0.6:
Fixed a regression in Django 3.0 that caused a crash when filtering a Subquery() \ 
annotation of a queryset containing a single related field against a \ 
SimpleLazyObject.

2020-04-06 19:01:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-django3: updated to 3.0.5

Django 3.0.5:
Added the ability to handle .po files containing different plural equations for \ 
the same language.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() \ 
crashed if a queryset contained an aggregation and Subquery() annotation that \ 
collides with a field name.

2020-03-12 17:18:54 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-django3: updated to 3.0.4

Django 3.0.4 fixes a security issue and several bugs in 3.0.3.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \ 
and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a \ 
suitably crafted tolerance.

Bugfixes

Fixed a data loss possibility when using caching from async code.
Fixed a regression in Django 3.0 that caused a file response using a temporary \ 
file to be closed incorrectly.
Fixed a data loss possibility in the select_for_update(). When using related \ 
fields or parent link fields with Multi-table inheritance in the of argument, \ 
the corresponding models were not locked.
Fixed a regression in Django 3.0 that caused misplacing parameters in logged SQL \ 
queries on Oracle.
Fixed a regression in Django 3.0.3 that caused misplacing parameters of SQL \ 
queries when subtracting DateField or DateTimeField expressions on MySQL.
Fixed a regression in Django 3.0 that didn’t include subqueries spanning \ 
multivalued relations in the GROUP BY clause

2020-02-17 21:23:22 by Adam Ciarcinski | Files touched by this commit (6)

Log message:
py-django3: added version 3.0.3

What’s new in Django 3.0

MariaDB support
ASGI support
Exclusion constraints on PostgreSQL
Filter expressions
Enumerations for model field choices