Overview
Request 292041 revoked
- update to 1.6.11
  * Made is_safe_url() reject URLs that start with control characters
    to mitigate possible XSS attack via user-supplied redirect URLs
    (bnc#923176, CVE-2015-2317)
  * Fixed an infinite loop possibility in strip_tags()
    (bnc#923172, CVE-2015-2316)
- update to 1.6.10:
  * Content retrieved from the GeoIP library is now properly decoded from its
    default ``iso-8859-1`` encoding
  * Fixed ``AttributeError`` when using
    :meth:`~django.db.models.query.QuerySet.bulk_create` with ``ForeignObject``
  * Fixed crash of ``QuerySet``\s that use ``F() + timedelta()`` when their query
    was compiled more than once
  * Prevented custom ``widget`` class attribute of
    :class:`~django.forms.IntegerField` subclasses from being overwritten by the
    code in their ``__init__`` method
  * Improved :func:`~django.utils.html.strip_tags` accuracy (but it still cannot
    guarantee an HTML-safe result, as stated in the documentation).
  * Fixed a regression in the :mod:`django.contrib.gis` SQL compiler for
    non-concrete fields (`#22250 <http://code.djangoproject.com/ticket/22250>`_).
  * Fixed :attr:`ModelAdmin.preserve_filters
    <django.contrib.admin.ModelAdmin.preserve_filters>` when running a site with
    a URL prefix (`#21795 <http://code.djangoproject.com/ticket/21795>`_).
  * Fixed a crash in the ``find_command`` management utility when the ``PATH``
    environment variable wasn't set
  * Fixed :djadmin:`changepassword` on Windows
  * Avoided shadowing deadlock exceptions on MySQL
  * Wrapped database exceptions in ``_set_autocommit``
  * Fixed atomicity when closing a database connection or when the database server
    disconnects (`#21239 <https://code.djangoproject.com/ticket/21239>`_ and
- Created by bmwiedemann
- In state revoked
- Open review for devel:languages:python
Request History
bmwiedemann created request
maintbot added devel:languages:python as a reviewer
Submission by someone who is not maintainer in the devel project. Please review
maintbot accepted review
accepted
AndreasStieger declined request
Changelog is not linear. Please submit from the development project or from a maintenance branch created using osc mbranch.
bmwiedemann revoked request
superseded by https://build.opensuse.org/request/show/292722
submitting from devel project is not possible, because the version there is too new.