./www/py-django4, Django, a high-level Python Web framework



Branch: CURRENT, Version: 4.2.11, Package name: py311-django-4.2.11, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Master sites:

Filesize: 10182.479 KB



CVS history:


   2024-03-04 16:48:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django4: updated to 4.2.11

Django 4.2.11 fixes a security issue with severity “moderate” and a regression in 4.2.10.

CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665).

Bugfixes

Fixed a regression in Django 4.2.10 where intcomma template filter could return a leading comma for string representation of floats.
   2024-02-09 11:34:29 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Replace databases/py-mysqldb with databases/py-mysqlclient
   2024-02-08 23:42:53 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
py-django4: added version 4.2.10

Django 4.2.10 fixes a security issue with severity “moderate” in 4.2.9.

CVE-2024-24680: Potential denial-of-service in intcomma template filter

The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.