Revisions of python-Django
Dominique Leuenberger (dimstar_suse)
accepted
request 735855
from
Tomáš Chvátal (scarabeus_iv)
(revision 56)
- Update to 2.2.6: * Fixed migrations crash on SQLite when altering a model containing partial indexes (#30754). * Fixed a regression in Django 2.2.4 that caused a crash when filtering with a Subquery() annotation of a queryset containing JSONField or HStoreField (#30769).
Dominique Leuenberger (dimstar_suse)
accepted
request 731244
from
Tomáš Chvátal (scarabeus_iv)
(revision 55)
- Update to 2.2.5: * Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673). * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672). * Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449). * Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500).
Dominique Leuenberger (dimstar_suse)
accepted
request 720189
from
Tomáš Chvátal (scarabeus_iv)
(revision 54)
- Update to 2.2.4: * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880 * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628). * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621). * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506). * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
Dominique Leuenberger (dimstar_suse)
accepted
request 716616
from
Tomáš Chvátal (scarabeus_iv)
(revision 53)
- Update to 2.2.3: * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶
Dominique Leuenberger (dimstar_suse)
accepted
request 707145
from
Ondřej Súkup (mimi_vx)
(revision 52)
- update to 2.2.2 * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468) * Fixes CVE-2019-11358: Prototype pollution
Dominique Leuenberger (dimstar_suse)
accepted
request 701222
from
Tomáš Chvátal (scarabeus_iv)
(revision 51)
- Update keyring file - Update to 2.2.1 * Fixed a regression in Django 2.1 that caused the incorrect quoting of database user password when using dbshell on Oracle (#30307). * Added compatibility for psycopg2 2.8 (#30331). * Fixed a regression in Django 2.2 that caused a crash when loading the template for the technical 500 debug page (#30324). * Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains an expression with params (#30332). * Fixed a regression in Django 2.2 that caused a single instance fast-delete to not set the primary key to None (#30330). * Prevented makemigrations from generating infinite migrations for check constraints and partial indexes when condition contains a range object (#30350). Reverted an optimization in Django 2.2 (#29725) that caused the inconsistent behavior of count() and exists() on a reverse many-to-many relationship with a custom manager (#30325). * Fixed a regression in Django 2.2 where Paginator crashes if object_list is a queryset ordered or aggregated over a nested JSONField key transform (#30335). * Fixed a regression in Django 2.2 where IntegerField validation of database limits crashes if limit_value attribute in a custom validator is callable (#30328). * Fixed a regression in Django 2.2 where SearchVector generates SQL that is not indexable (#30385). * Fixed a regression in Django 2.2 that caused an exception to be raised when a custom error handler could not be imported (#30318). * Relaxed the system check added in Django 2.2 for the admin app’s dependencies to reallow use of SessionMiddleware subclasses,
Dominique Leuenberger (dimstar_suse)
accepted
request 693732
from
Ondřej Súkup (mimi_vx)
(revision 50)
Dominique Leuenberger (dimstar_suse)
accepted
request 687916
from
Tomáš Chvátal (scarabeus_iv)
(revision 49)
- Add patch to build with PyYAML >5: * pyyaml5.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 673591
from
Thomas Bechtold (tbechtold)
(revision 48)
- update to 2.1.7 (CVE-2019-6975, bsc#1124991): * Corrected packaging error from 2.1.6 * Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation. * Made the obj argument of InlineModelAdmin.has_add_permission() optional to restore backwards compatibility with third-party code that doesn’t provide it
Dominique Leuenberger (dimstar_suse)
accepted
request 664341
from
Thomas Bechtold (tbechtold)
(revision 47)
- update to 2.1.5 (CVE-2019-3498, bsc#1120932): * CVE-2019-3498: Content spoofing possibility in the default 404 page * Fixed compatibility with mysqlclient 1.3.14 (#30013). * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later (#29182). * Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption (#30023). * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn’t properly consumed for such connections (#30015). * Fixed a regression in Django 2.1.4 where InlineModelAdmin.has_change_permission() is incorrectly called with a non-None obj argument during an object add (#30050).
Dominique Leuenberger (dimstar_suse)
accepted
request 656848
from
Ondřej Súkup (mimi_vx)
(revision 46)
Dominique Leuenberger (dimstar_suse)
accepted
request 646024
from
Tomáš Chvátal (scarabeus_iv)
(revision 45)
Dominique Leuenberger (dimstar_suse)
accepted
request 639976
from
Ondřej Súkup (mimi_vx)
(revision 44)
Dominique Leuenberger (dimstar_suse)
accepted
request 633261
from
Tomáš Chvátal (scarabeus_iv)
(revision 43)
Dominique Leuenberger (dimstar_suse)
accepted
request 629188
from
Tomáš Chvátal (scarabeus_iv)
(revision 42)
- Apply patch to fix urlencode nonstring values: * django-urlencode.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 628114
from
Tomáš Chvátal (scarabeus_iv)
(revision 41)
- Enable testsuite
Dominique Leuenberger (dimstar_suse)
accepted
request 628043
from
Ondřej Súkup (mimi_vx)
(revision 40)
- update to version 2.1 - move bash completion to right location - for full chanfges please see https://docs.djangoproject.com/en/2.1/releases/2.1/ * Dropped support for MySQL 5.5 * Dropped support for PostgreSQL 9.3 * Support for SpatiaLite 4.0 is removed * Support for SQLite < 3.7.15 is removed. (forwarded request 628038 from mimi_vx)
Dominique Leuenberger (dimstar_suse)
accepted
request 622355
from
Ondřej Súkup (mimi_vx)
(revision 39)
Yuchen Lin (maxlin_factory)
accepted
request 594522
from
Thomas Bechtold (tbechtold)
(revision 38)
- update to version 2.0.4: * Fixed #29265 -- Removed the suggestion to hardcode static URLs. * Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. * Fixed #29195 -- Fixed Exists.output_field resolution on single-valued queries. * Fixed links to Sphinx docs. * Fixed typo in docs/releases/2.0.4.txt. * Clarified docs about ISO 8601 week numbering. * Fixed #29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID. * Added CVE-2018-7536,7 to the security release archive. * Fixed #29221 -- Corrected admin's autocomplete widget to add a space after custom classes. * Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets. * Added a pagination example to ListView docs. * Fixed #28514 -- Clarifed docs about idempotence of RelatedManager.add(). * isorted import statements in tutorial example. * Fixed #29192 -- Corrected docs regarding overriding fields from abstract base classes. * Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations. * Added stub release notes for 1.11.12. * Fixed #29165 -- Clarified how to load initial data with migrations. * Fixed #29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant. * Reverted "Expanded docs for AbstractBaseUser.has_usable_password()." * Fixed typo in docs/releases/2.0.4/1.11.12.txt. * Bumped version for 2.0.4 release. * Fixed #29250 -- Added 'django_version' context to startapp/project docs. * Added release date for 2.0.4 and 1.11.12. * Post-release version bump. * Clarified a sentence in docs/topics/i18n/translation.txt. * Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection(). * Added stub release notes for 2.0.4. * Fixed a couple mistakes in docs/ref/forms/widgets.txt. * Fixed #28655 -- Added more examples for customizing widgets in a form.
Dominique Leuenberger (dimstar_suse)
accepted
request 588436
from
Thomas Bechtold (tbechtold)
(revision 37)
- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537): * Fixed #29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets. * Added CVE-2018-6188 to the security release archive. * Post-release version bump. * Updated translations from Transifex * Added stub release notes for security releases. * Fixed incorrect regex in re_path() example. * Fixed #29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments. * Fixed #29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks. * Used a CSS positioning in tutorial 6 that doesn't differ across browsers. * Fixed typo in bulk_create() documentation. * Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string. * Removed blank lines per isort 4.3.0. * Added stub release notes for 2.0.3. * Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. * Fixed #29172 -- Fixed crash with Window expression in a subquery. * Fixed #29166 -- Fixed crash in When() expression with a list argument. * Fixed #24270 -- Doc'd that django_bash_completion is only in the source distribution. * Improved clarity of docs/topics/install.txt. * Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value. * Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. * Bumped version for 2.0.3 release. * Corrected doc'd type of some parameters from string to str. * Fixed #29146 -- Readded ^ and $ inadvertently removed from re_path() examples. * Fixed #29107 -- Doc'd that ModelForm doesn't actually inherit from Form. * Switched test requirement to new psycopg2-binary package. * Added backticks around obj argument in admin docs. * Fixed typo in docs/topics/forms/media.txt. * Fixed #29109 -- Fixed the admin time picker widget for the Thai locale. * Fixed #29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
Displaying revisions 61 - 80 of 116