Request 817883 accepted

- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
* Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
* Pinned PyYAML < 5.3 in test requirements.
* Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
* Fixed timezones tests for PyYAML 5.3+.
* Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
* Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
* Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
* Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.

* Added patch CVE-2020-13254.patch
* Added patch CVE-2020-13596.patch

Request History
Johannes Grassler (jgrassler) created request


Flávio Ramalho (flaviosr) accepted request
