./www/py-django4, Django, a high-level Python Web framework


Branch: CURRENT, Version: 4.2.20, Package name: py312-django-4.2.20, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Master sites:

Filesize: 10188.17 KB


CVS history:


   2025-03-06 17:06:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.20

Django 4.2.20 fixes a security issue with severity “moderate” in 4.2.19.

CVE-2025-26699: Potential denial-of-service vulnerability in django.utils.text.wrap()

The wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings.
   2025-03-05 11:43:17 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-django4: fix wheel name for latest setuptools and depend on it

Bump PKGREVISION.
   2025-02-05 21:50:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.19

Django 4.2.19 fixes a regression in 4.2.18.

Bugfixes

Fixed a regression in Django 4.2.18 that caused validate_ipv6_address() and validate_ipv46_address() to crash when handling non-string values
   2025-01-14 16:56:01 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.18

Django 4.2.18 fixes a security issue with severity “moderate” in 4.2.17.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.
   2024-12-04 21:21:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.17

4.2.17

Django 4.2.17 fixes one security issue with severity “high” and one security issue with severity “moderate” in 4.2.16.

CVE-2024-53907: Denial-of-service possibility in strip_tags()

strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable.

strip_tags() now has an upper limit of recursive calls to HTMLParser before raising a SuspiciousOperation exception.

Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape().

CVE-2024-53908: Potential SQL injection via HasKey(lhs, rhs) on Oracle

Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle was subject to SQL injection if untrusted data was used as a lhs value.

Applications that use the has_key lookup through the __ syntax are unaffected.
   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2024-08-15 23:55:19 by Thomas Klausner | Files touched by this commit (6)
Log message:
*: remove Python 3.9 specific dependencies

in a quest to fix pbulk
   2024-05-07 20:17:41 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.13

Django 4.2.13 fixes a packaging error in 4.2.12.