| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Django 1.11.29 fixes a security issue in 1.11.28.
CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle
GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.
|
|
Django 1.11.28 fixes a security issue:
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter.
|
|
Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values
|
|
Django 1.11.26:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform.
|
|
Django 1.11.25:
Fixed a crash when filtering with a Subquery() annotation of a queryset containing JSONField or HStoreField
|
|
Django 1.11.24 fixes a regression in 1.11.23.
Bugfixes
Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params
|
|
Django 1.11.23:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
|
|
Django 1.11.22:
Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
|
|
Django 1.11.21 release notes
CVE-2019-12308: AdminURLFieldWidget XSS
The clickable “Current URL” link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator before displaying the clickable link. You may customise the validator by passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using formfield_overrides.
|
|
1.11.20:
Bugfixes
Corrected packaging error from 1.11.19
1.11.19:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
|
|
Django 1.11.18 fixes a security issue in 1.11.17.
CVE-2019-3498: Content spoofing possibility in the default 404 page
|
|
Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7.
Bugfixes:
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion since Django 1.11.14.
|
|
Django 1.11.16:
Fixed a race condition in QuerySet.update_or_create() that could result in data loss
|
|
1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware
If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
CommonMiddleware now escapes leading slashes to prevent redirects to other domains.
|
|
Django 1.11.14:
Bugfixes:
Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+.
Fixed a regression in Django 1.10 that could result in large memory usage when making edits using ModelAdmin.list_editable
|
|
1.11.13:
Bugfixes
* Fixed a regression in Django 1.11.8 where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
|
|
Django 1.11.12:
Bugfixes:
Fixed a regression in Django 1.11.8 where combining two annotated values_list() querysets with union(), difference(), or intersection() crashed due to mismatching columns.
Fixed a regression in Django 1.11 where an empty choice could be initially selected for the SelectMultiple and CheckboxSelectMultiple widgets
|
|
1.11.11:
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
|
|
1.11.10:
CVE-2018-6188: Information leakage in AuthenticationForm
A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden, an attacker enter an arbitrary username and see if that user has been set to is_active=False. If confirm_login_allowed() is overridden, more sensitive details could be leaked.
This issue is fixed with the caveat that AuthenticationForm can no longer raise the “This account is inactive.” error if the authentication backend rejects inactive users (the default authentication backend, ModelBackend, has done that since Django 1.10). This issue will be revisited for Django 2.1 as a fix to address the caveat will likely be too invasive for inclusion in older versions.
Bugfixes:
Fixed incorrect foreign key nullification if a model has two foreign keys to the same model and a target model is deleted.
Fixed a regression where contrib.auth.authenticate() crashes if an authentication backend doesn’t accept request and a later one does.
Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
|
|
Bugfixes:
Fixed a regression in Django 1.11 that added newlines between MultiWidget’s subwidgets.
Fixed incorrect class-based model index name generation for models with quoted db_table.
Fixed incorrect foreign key constraint name for models with quoted db_table.
Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses more than one level of multi-table inheritance.
|
|
|
|
Django 1.11.8 fixes several bugs in 1.11.7:
* Reallowed, following a regression in Django 1.10, AuthenticationForm to raise the inactive user error when using ModelBackend.
* Added support for QuerySet.values() and values_list() for union(), difference(), and intersection() queries.
* Fixed incorrect index name truncation when using a namespaced db_table.
* Made QuerySet.iterator() use server-side cursors on PostgreSQL after values() and values_list().
* Fixed crash on SQLite and MySQL when ordering by a filtered subquery that uses nulls_first or nulls_last.
* Made query lookups for CICharField, CIEmailField, and CITextField use a citext cast.
* Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses multi-table inheritance.
* Fixed “Cannot change column ‘x’: used in a foreign key constraint” crash on MySQL with a sequence of AlterField and/or RenameField operations in a migration
|
|
1.11.7:
Bugfixes
* Prevented cache.get_or_set() from caching None if the default argument is a callable that returns None.
* Fixed the Basque DATE_FORMAT string.
* Made QuerySet.reverse() affect nulls_first and nulls_last.
* Fixed unquoted table names in Subquery SQL when using OuterRef
|
|
Bugfixes:
* Made the CharField form field convert whitespace-only values to the empty_value when strip is enabled.
* Fixed crash when using the name of a model’s autogenerated primary key (id) in an Index’s fields.
* Fixed a regression in Django 1.9 where a custom view error handler such as handler404 that accesses csrf_token could cause CSRF verification failures on other pages
|
|
CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page¶
In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with DEBUG = True (which makes this page accessible) in your production settings.
Bugfixes:
Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2).
Added compatibility for cx_Oracle 6.
Fixed select widget rendering when option values are tuples.
Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in 28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.
Added POST request support to LogoutView, for equivalence with the function-based logout() view.
Omitted pages_per_range from BrinIndex.deconstruct() if it’s None.
Fixed a regression where SelectDateWidget localized the years in the select box.
Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows.
Fixed a regression in Django 1.10 where changes to a ManyToManyField weren’t logged in the admin change history and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes.
Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins.
Fixed a regression in contrib.auth’s login() and logout() views where they ignored positional arguments
|
|
|
|
Bugfixes:
Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values for date/time widgets results in an empty value in the widget’s HTML.
Fixed QuerySet.union() and difference() when combining with a queryset raising EmptyResultSet.
Fixed a regression in pickling of LazyObject on Python 2 when the wrapped object doesn’t have __reduce__().
Fixed crash in runserver’s autoreload with Python 2 on Windows with non-str environment variables.
Corrected Field.has_changed() to return False for disabled form fields: BooleanField, MultipleChoiceField, MultiValueField, FileField, ModelChoiceField, and ModelMultipleChoiceField.
Fixed QuerySet.count() for union(), difference(), and intersection() queries..
Fixed ClearableFileInput rendering as a subwidget of MultiWidget. Custom clearable_file_input.html widget templates will need to adapt for the fact that context values checkbox_name, checkbox_id, is_initial, input_text, initial_text, and clear_checkbox_label are now attributes of widget rather than appearing in the top-level context.
Fixed queryset crash when using a GenericRelation to a proxy model
|
|
Bugfixes
Removed an incorrect deprecation warning about a missing renderer argument if a Widget.render() method accepts **kwargs.
Fixed a regression causing Model.__init__() to crash if a field has an instance only descriptor.
Fixed an incorrect DisallowedModelAdminLookup exception when using a nested reverse relation in list_filter.
Fixed admin’s FieldListFilter.get_queryset() crash on invalid input.
Fixed invalid HTML for a required AdminFileWidget.
Fixed model initialization to set the name of class-based model indexes for models that only inherit models.Model.
Fixed crash in admin’s inlines when a model has an inherited non-editable primary key.
Fixed QuerySet.union(), intersection(), and difference() when combining with an EmptyQuerySet.
Prevented Paginator’s unordered object list warning from evaluating a QuerySet.
Fixed the value of redirect_field_name in LoginView’s template context. It’s now an empty string (as it is for the original function-based login() view) if the corresponding parameter isn’t sent in a request (in particular, when the login page is accessed directly).
Prevented attribute values in the django/forms/widgets/attrs.html template from being localized so that numeric attributes (e.g. max and min) of NumberInput work correctly.
Removed casting of the option value to a string in the template context of the CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select widgets. In Django 1.11.1, casting was added in Python to avoid localization of numeric values in Django templates, but this made some use cases more difficult. Casting is now done in the template using the |stringformat:'s' filter.
Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False.
Fixed UnboundLocalError crash in RenameField with nonexistent field.
Fixed a regression preventing a model field’s limit_choices_to from being evaluated when a ModelForm is instantiated.
|
|
Django 1.11.2 adds a minor feature and fixes several bugs in 1.11.1. Also, the latest string translations from Transifex are incorporated.
Minor feature:
* The new LiveServerTestCase.port attribute reallows the use case of binding to a specific port following the bind to port zero change in Django 1.11.
Bugfixes:
* Added detection for GDAL 2.1 and 2.0, and removed detection for unsupported versions 1.7 and 1.8.
* Changed contrib.gis to raise ImproperlyConfigured rather than GDALException if gdal isn’t installed, to allow third-party apps to catch that exception.
* Fixed django.utils.http.is_safe_url() crash on invalid IPv6 URLs.
* Fixed regression causing pickling of model fields to crash.
* Fixed django.contrib.auth.authenticate() when multiple authentication backends don’t accept a positional request argument.
* Fixed introspection of index field ordering on PostgreSQL.
* Fixed a regression where Model._state.adding wasn’t set correctly on multi-table inheritance parent models after saving a child model.
* Allowed DjangoJSONEncoder to serialize django.utils.deprecation.CallableBool.
* Relaxed the validation added in Django 1.11 of the fields in the defaults argument of QuerySet.get_or_create() and update_or_create() to reallow settable model properties.
* Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if the InvalidPage message contains non-ASCII.
* Prevented Subquery from adding an unnecessary CAST which resulted in invalid SQL.
* Corrected detection of GDAL 2.1 on Windows.
* Made date-based generic views return a 404 rather than crash when given an out of range date.
* Fixed a regression where file_move_safe() crashed when moving files to a CIFS mount.
* Moved the ImageField file extension validation added in Django 1.11 from the model field to the form field to reallow the use case of storing images without an extension
|
|
Allowed disabling server-side cursors on PostgreSQL
Bugfixes:
Made migrations respect Index’s name argument. If you created a named index with Django 1.11, makemigrations will create a migration to recreate the index with the correct name.
Fixed a crash when using a __icontains lookup on a ArrayField.
Fixed a crash when using a two-tuple in EmailMessage’s attachments argument.
Fixed QuerySet.filter() crash when it references the name of a OneToOneField primary key.
Fixed empty POST data table appearing instead of “No POST data” in HTML debug page.
Restored BoundFields without any choices evaluating to True.
Prevented SessionBase.cycle_key() from losing session data if _session_cache isn’t populated.
Fixed layout of ReadOnlyPasswordHashWidget (used in the admin’s user change page).
Allowed prefetch calls on managers with custom ModelIterable subclasses.
Fixed change password link in the contrib.auth admin for el, es_MX, and pt translations.
Restored the output of the class attribute in the <ul> of widgets that use the multiple_input.html template. This fixes ModelAdmin.radio_fields with admin.HORIZONTAL.
Fixed crash in BaseGeometryWidget.subwidgets().
Fixed exception reraising in ORM query execution when cursor.execute() fails and the subsequent cursor.close() also fails.
Fixed a regression where CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select localized option values.
Corrected the stack level of unordered queryset pagination warnings.
Fixed a regression causing incorrect queries for __in subquery lookups when models use ForeignKey.to_field.
Fixed crash when overriding the template of django.views.static.directory_index().
Fixed a regression in formset min_num validation with unchanged forms that have initial data.
Prepared for cx_Oracle 6.0 support.
Updated the contrib.postgres SplitArrayWidget to use template-based widget rendering.
Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs.
Prevented AddIndex and RemoveIndex from mutating model state.
Prevented migrations from dropping database indexes from Meta.indexes when changing Field.db_index to False.
Fixed a regression in choice ordering in form fields with grouped and non-grouped options.
Fixed crash in BaseInlineFormSet._construct_form() when using save_as_new.
Fixed a regression where Model._state.db wasn’t set correctly on multi-table inheritance parent models after saving a child model.
Corrected the return type of ArrayField(CITextField()) values retrieved from the database.
Fixed QuerySet.prefetch_related() crash when fetching relations in nested Prefetch objects.
Prevented hiding GDAL errors if it’s not installed when using contrib.gis. (It’s a required dependency as of Django 1.11.)
Fixed a regression causing __in lookups on a foreign key to fail when using the foreign key’s parent model as the lookup
|
|
As always, the release notes cover the medley of new features in detail, but a few highlights are:
* Class-based model indexes for creating database indexes.
* Template-based widget rendering to ease customizing form widgets.
* Subquery expressions to create explicit subqueries using the ORM.
|
|
Bugfixes:
* Fixed ClearableFileInput’s “Clear” checkbox on model form fields where the model field has a default.
* Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than generating a bad request response.
* Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or IntegerField from DateField.
* Fixed query expression date subtraction accuracy on PostgreSQL for differences larger than a month.
* Fixed a GDALException raised by GDALClose on GDAL ≥ 2.0.
|
|
Bugfixes
* Fixed a crash in the debug view if request.user can’t be retrieved, such as if the database is unavailable.
* Fixed occasional missing plural forms in JavaScriptCatalog.
* Fixed a regression in the timesince and timeuntil filters that caused incorrect results for dates in a leap year.
* Fixed a regression where collectstatic overwrote newer files in remote storages.
|
|
|
|
Bugfixes
* Quoted the Oracle test user’s password in queries to fix the “ORA-00922: missing or invalid option” error when the password starts with a number or special character.
* Fixed incorrect app_label / model_name arguments for allow_migrate() in makemigrations migration consistency checks.
* Made Model.delete(keep_parents=True) preserve parent reverse relationships in multi-table inheritance.
* Fixed a QuerySet.update() crash on SQLite when updating a DateTimeField with an F() expression and a timedelta.
* Prevented LocaleMiddleware from redirecting on URLs that should return 404 when using prefix_default_language=False.
* Prevented an unnecessary index from being created on an InnoDB ForeignKey when the field was added after the model was created.
|
|
Approved by: joerg@(maintainer)
Upstream changelog is too long, please visit:
https://github.com/django/django/tree/master/docs/releases
|
|
Upstream changes:
Django 1.9.11 release notes
November 1, 2016
Django 1.9.11 fixes two security issues in 1.9.10.
User with hardcoded password created when running tests on Oracle
DNS rebinding vulnerability when DEBUG=True
|
|
Upstream changes:
Django 1.9.10 release notes
September 26, 2016
Django 1.9.10 fixes a security issue in 1.9.9.
CSRF protection bypass on a site with Google Analytics
An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.
The parser for request.COOKIES is simplified to better match the behavior of browsers and to mitigate this attack. request.COOKIES may now contain cookies that are invalid according to RFC 6265 but are possible to set via document.cookie.
|
|
by the infrastructure.
Mark a couple more packages as not ready for python-3.x.
|
|
Bugfixes:
* Fixed invalid HTML in template postmortem on the debug page
* Fixed some GIS database function crashes on MySQL 5.7
|
|
Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data.
The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent.
Bugfixes:
* Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.
|
|
Bugfixes:
* Removed the need for the request context processor on the admin login page to fix a regression in 1.9.
* Fixed translation of password validators’ help_text in forms.
* Fixed a regression causing the cached template loader to crash when using lazy template names.
* Fixed on_commit callbacks execution order when callbacks make transactions.
* Fixed HStoreField to raise a ValidationError instead of crashing on non-dictionary JSON input.
* Fixed dbshell crash on PostgreSQL with an empty database name.
* Fixed a regression in queries on a OneToOneField that has to_field and primary_key=True.
|
|
Bugfixes:
---------
Added support for relative path redirects to the test client and to SimpleTestCase.assertRedirects() because Django 1.9 no longer converts redirects to absolute URIs.
Fixed TimeField microseconds round-tripping on MySQL and SQLite.
Prevented makemigrations from generating infinite migrations for a model field that references a functools.partial.
Fixed a regression where SessionBase.pop() returned None rather than raising a KeyError for nonexistent values.
Fixed a regression causing the cached template loader to crash when using template names starting with a dash.
Restored conversion of an empty string to null when saving values of GenericIPAddressField on SQLite and MySQL.
Fixed a makemessages regression where temporary .py extensions were leaked in source file paths
|
|
Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input.
Fixed a race condition in BaseCache.get_or_set(). It now returns the default value instead of False if there’s an error when trying to add the value to the cache.
Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None.
The forms in contrib.auth no longer strip trailing and leading whitespace from the password fields. The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django.
Fixed a memory leak in the cached template loader.
Fixed a regression that caused collectstatic --clear to fail if the storage doesn’t implement path().
Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has a to_field set to something other than the primary key.
Fixed a regression in CommonMiddleware that caused spurious warnings in logs on requests missing a trailing slash.
Restored the functionality of the admin’s raw_id_fields in list_editable.
Fixed a regression with abstract model inheritance and explicit parent links.
Fixed a migrations crash on SQLite when renaming the primary key of a model containing a ForeignKey to 'self'.
Fixed JSONField inadvertently escaping its contents when displaying values after failed form validation.
|
|
where utils.http.is_safe_url() crashes on bytestring URLs.
|
|
Fixed a regression that caused the “user-tools” items to display on the admin’s logout page.
Fixed a crash in the translations system when the current language has no translations.
Fixed a regression that caused the incorrect day to be selected when opening the admin calendar widget for timezones from GMT+0100 to GMT+1200.
Fixed a regression in 1.8.8 causing incorrect index handling in migrations on PostgreSQL when adding db_index=True or unique=True to a CharField or TextField that already had the other specified, or when removing one of them from a field that had both, or when adding unique=True to a field already listed in unique_together.
Fixed a crash when using an __in lookup inside a Case expression.
Fixed a crash when using a reverse OneToOneField in ModelAdmin.readonly_fields.
Fixed a regression in Django 1.8.5 that broke copying a SimpleLazyObject with copy.copy().
Fixed the contrib.gis map widgets when using USE_THOUSAND_SEPARATOR=True.
|
|
Fixed incorrect unique_together field name generation by inspectdb.
Corrected __len query lookup on ArrayField for empty arrays.
Restored the ability to use custom formats from formats.py with django.utils.formats.get_format() and the date template filter.
Fixed a state bug when migrating a SeparateDatabaseAndState operation backwards.
Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AlterField on PostgreSQL.
Fixed a state bug when using an AlterModelManagers operation.
Fixed a regression which prevented using a language not in Django’s default language list (LANGUAGES).
django.views.decorators.cache.never_cache() now sends more persuasive headers (added no-cache, no-store, must-revalidate to Cache-Control) to better prevent caching. This fixes a problem where a page refresh in Firefox cleared the selected entries in the admin’s filter_horizontal and filter_vertical widgets, which could result in inadvertent data loss if a user didn’t notice that and then submitted the form.
Fixed a regression in the admin which ignored line breaks in read-only fields instead of converting them to <br>.
Made loaddata skip disabling and enabling database constraints when it doesn’t load any fixtures.
Fixed a crash in QuerySet.values()/values_list() after an annotate() and order_by() when values()/values_list() includes a field not in the order_by()
|
|
* Fixed settings leak possibility in date template filter
* Bug fixes
|
|
1.8.5:
Fixed a regression causing ModelChoiceField to ignore prefetch_related() on its queryset.
Allowed “mode=memory” in SQLite test database name if supported.
Fixed system check crash on ForeignKey to abstract model.
Fixed incorrect queries when you have multiple ManyToManyFields on different models that have the same field name, point to the same model, and have their reverse relations disabled.
Allowed filtering over a RawSQL annotation.
Made the Concat database function idempotent on SQLite.
Avoided a confusing stack trace when starting runserver with an invalid INSTALLED_APPS setting.
Made deferred models use their proxied model’s _meta.apps for caching and retrieval. This prevents any models generated in data migrations using QuerySet.defer() from leaking to test and application code.
Fixed a typo in the name of the strictly_above PostGIS lookup.
Fixed crash with contrib.postgres.forms.SplitArrayField and IntegerField on invalid value.
Added a helpful error message when Django and South migrations exist in the same directory.
Fixed a regression in URLValidator that allowed URLs with consecutive dots in the domain section (like http://example..com/) to pass.
Fixed a crash with GenericRelation and BaseModelAdmin.to_field_allowed.
|
|
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
