Path to this page:
./
www/py-django3,
Django, a high-level Python Web framework
Branch: CURRENT,
Version: 3.2.13,
Package name: py39-django-3.2.13,
Maintainer: pkgsrc-usersDjango is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
Required to run:[
devel/py-setuptools] [
time/py-pytz] [
databases/py-sqlparse] [
www/py-asgiref] [
lang/python37]
Required to build:[
pkgtools/cwrappers]
Master sites:
Filesize: 9583.97 KB
Version history: (Expand)
- (2022-04-20) Updated to version: py39-django-3.2.13
- (2022-02-02) Updated to version: py39-django-3.2.12
- (2022-01-19) Updated to version: py39-django-3.2.11
- (2022-01-05) Updated to version: py39-django-3.2.10nb2
- (2022-01-05) Updated to version: py39-django-3.2.10nb1
- (2021-12-14) Updated to version: py39-django-3.2.10
CVS history: (Expand)
2022-04-20 14:29:47 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
py-django3: updated to 3.2.13
Django 3.2.13 fixes two security issues with severity “high” in 3.2.12 and a \
regression in 3.2.4.
CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and \
extra()
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL \
injection in column aliases, using a suitably crafted dictionary, with \
dictionary expansion, as the **kwargs passed to these methods.
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
QuerySet.explain() method was subject to SQL injection in option names, using a \
suitably crafted dictionary, with dictionary expansion, as the **options \
argument.
Bugfixes
Fixed a regression in Django 3.2.4 that caused the auto-reloader to no longer \
detect changes when the DIRS option of the TEMPLATES setting contained an empty \
string
|
2022-02-02 11:23:41 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
py-django3: updated to 3.2.12
Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.
CVE-2022-22818: Possible XSS via {% debug %} template tag
CVE-2022-23833: Denial-of-service possibility in file uploads
|
2022-01-19 10:51:25 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
py-django3: updated to 3.2.11
Django 3.2.11 fixes one security issue with severity “medium” and two \
security issues with severity “low” in 3.2.10.
- CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
- CVE-2021-45116: Potential information disclosure in dictsort template filter
- CVE-2021-45452: Potential directory-traversal via Storage.save()
|
2022-01-05 16:51:59 by Thomas Klausner | Files touched by this commit (4) |
Log message:
py-django*: switch to USE_PKG_RESOURCES
|
2022-01-05 11:09:54 by Thomas Klausner | Files touched by this commit (4) |
Log message:
py-django*: add dependency on py-setuptools
These use pkg_resources.
Noted by joerg.
Bump PKGREVISION.
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2021-12-14 10:00:38 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
py-django3: updated to 3.2.10
3.2.10:
CVE-2021-44420: Potential bypass of an upstream access control based on URL paths¶
HTTP requests for URLs with trailing newlines could bypass an upstream access \
control based on URL paths.
Bugfixes
Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with \
BinaryField on PostgreSQL, which is memoryview-backed
|
2021-11-04 14:37:34 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
py-django3: updated to 3.2.9
Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10.
Bugfixes
Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering \
a field with a functional index
|