Path to this page:
./
www/py-django3,
Django, a high-level Python Web framework
Branch: CURRENT,
Version: 3.2.25,
Package name: py312-django-3.2.25,
Maintainer: pkgsrc-usersDjango is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
Required to run:[
devel/py-setuptools] [
time/py-pytz] [
databases/py-sqlparse] [
www/py-asgiref] [
lang/python37]
Required to build:[
pkgtools/cwrappers]
Master sites:
Filesize: 9605.797 KB
Version history: (Expand)
- (2024-11-11) Updated to version: py312-django-3.2.25
- (2024-03-04) Updated to version: py311-django-3.2.25
- (2024-02-09) Updated to version: py311-django-3.2.24
- (2023-11-01) Updated to version: py311-django-3.2.23
- (2023-10-04) Updated to version: py311-django-3.2.22
- (2023-09-13) Updated to version: py311-django-3.2.21
CVS history: (Expand)
2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862) |
Log message:
py-*: remove unused tool dependency
py-setuptools includes the py-wheel functionality nowadays
|
2024-03-04 16:47:29 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.25
Django 3.2.25 fixes a security issue with severity “moderate” and a \
regression in 3.2.24.
CVE-2024-27351: Potential regular expression denial-of-service in \
django.utils.text.Truncator.words()
django.utils.text.Truncator.words() method (with html=True) and \
truncatewords_html template filter were subject to a potential regular \
expression denial-of-service attack using a suitably crafted string (follow up \
to CVE-2019-14232 and CVE-2023-43665).
Bugfixes
Fixed a regression in Django 3.2.24 where intcomma template filter could return \
a leading comma for string representation of floats.
|
2024-02-09 11:34:29 by Adam Ciarcinski | Files touched by this commit (4) |
Log message:
Replace databases/py-mysqldb with databases/py-mysqlclient
|
2024-02-08 23:46:48 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-django3: updated to 3.2.24
Django 3.2.24 fixes a security issue with severity “moderate” in 3.2.23.
CVE-2024-24680: Potential denial-of-service in intcomma template filter
The intcomma template filter was subject to a potential denial-of-service attack \
when used with very long strings.
|
2023-11-01 21:17:00 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.23
Django 3.2.23
CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
|
2023-10-04 22:13:51 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.22
Django 3.2.22 fixes a security issue with severity “moderate” in 3.2.21.
CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator
Following the fix for CVE-2019-14232, the regular expressions used in the \
implementation of django.utils.text.Truncator’s chars() and words() methods \
(with html=True) were revised and improved. However, these regular expressions \
still exhibited linear backtracking complexity, so when given a very long, \
potentially malformed HTML input, the evaluation would still be slow, leading to \
a potential denial of service vulnerability.
The chars() and words() methods are used to implement the truncatechars_html and \
truncatewords_html template filters, which were thus also vulnerable.
The input processed by Truncator, when operating in HTML mode, has been limited \
to the first five million characters in order to avoid potential performance and \
memory issues.
|
2023-09-13 11:58:30 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.21
Django 3.2.21 fixes a security issue with severity “moderate” in 3.2.20.
CVE-2023-41164: Potential denial of service vulnerability in \
django.utils.encoding.uri_to_iri()
|
2023-08-04 07:22:05 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.20
Django 3.2.20 fixes a security issue with severity “moderate” in 3.2.19.
CVE-2023-36053: Potential regular expression denial of service vulnerability in \
EmailValidator/URLValidator¶
EmailValidator and URLValidator were subject to potential regular expression \
denial of service attack via a very large number of domain name labels of emails \
and URLs.
|