./www/py-django3, Django, a high-level Python Web framework



Branch: CURRENT, Version: 3.0.7, Package name: py37-django-3.0.7, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 71938dec22f3f6adae6f3edac6a288fee69def24
RMD160: ce33cbdf81ab9bd30563773216892c9a3cf4e438
Filesize: 8737.795 KB



CVS history:


   2020-06-03 17:29:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.0.7

Django 3.0.7 fixes two security issues and several bugs in 3.0.6.

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.

CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded.

Bugfixes

Fixed a regression in Django 3.0 by restoring the ability to use field lookups in Meta.ordering.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() crashed if a queryset contained an aggregation and a subquery annotation.
Fixed a regression in Django 3.0 where aggregates used wrong annotations when a queryset has multiple subqueries annotations.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() crashed if a queryset contained an aggregation and an Exists() annotation on Oracle.
Fixed a regression in Django 3.0 where all resolved Subquery() expressions were considered equal.
Fixed a regression in Django 3.0.5 that affected translation loading for apps providing translations for territorial language variants as well as a generic language, where the project has different plural equations for the language.
Tracking a jQuery security release, upgraded the version of jQuery used by the admin from 3.4.1 to 3.5.1.
   2020-05-12 08:55:20 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.0.6

3.0.6:
Fixed a regression in Django 3.0 that caused a crash when filtering a Subquery() annotation of a queryset containing a single related field against a SimpleLazyObject.
   2020-04-06 19:01:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.0.5

Django 3.0.5:
Added the ability to handle .po files containing different plural equations for the same language.
Fixed a regression in Django 3.0 where QuerySet.values() and values_list() crashed if a queryset contained an aggregation and Subquery() annotation that collides with a field name.
   2020-03-12 17:18:54 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.0.4

Django 3.0.4 fixes a security issue and several bugs in 3.0.3.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.

Bugfixes

Fixed a data loss possibility when using caching from async code.
Fixed a regression in Django 3.0 that caused a file response using a temporary file to be closed incorrectly.
Fixed a data loss possibility in the select_for_update(). When using related fields or parent link fields with Multi-table inheritance in the of argument, the corresponding models were not locked.
Fixed a regression in Django 3.0 that caused misplacing parameters in logged SQL queries on Oracle.
Fixed a regression in Django 3.0.3 that caused misplacing parameters of SQL queries when subtracting DateField or DateTimeField expressions on MySQL.
Fixed a regression in Django 3.0 that didn’t include subqueries spanning multivalued relations in the GROUP BY clause
   2020-02-17 21:23:22 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
py-django3: added version 3.0.3

What’s new in Django 3.0

MariaDB support
ASGI support
Exclusion constraints on PostgreSQL
Filter expressions
Enumerations for model field choices