Changelog for
python3-Django-1.10.7-58.1.noarch.rpm :
Tue Apr 4 14:00:00 2017 appleonkelAATTopensuse.org
- Update to 1.10.7
Bugfixes
* Made admin’s RelatedFieldWidgetWrapper use the wrapped widget’s
value_omitted_from_data() method (#27905)
* Fixed model form default fallback for SelectMultiple (#27993)
* Fixed ClearableFileInput’s “Clear” checkbox on model form fields where the
model field has a default
* Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than
generating a bad request response
* Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or
IntegerField from DateField
* Fixed query expression date subtraction accuracy on PostgreSQL for differences
large an a month
* Fixed a GDALException raised by GDALClose on GDAL >= 2.0
Fri Jan 6 13:00:00 2017 appleonkelAATTopensuse.org
- update to version 1.10.5:
* Fixed a crash in the debug view if request.user can’t be retrieved,
such as if the database is unavailable (#27567)
* Fixed occasional missing plural forms in JavaScriptCatalog (#27418)
* Fixed a regression in the timesince and timeuntil filters that caused
incorrect results for dates in a leap year (#27637)
* Fixed a regression where collectstatic overwrote newer files in
remote storages (#27658)
Fri Dec 2 13:00:00 2016 appleonkelAATTopensuse.org
- update to version 1.10.4:
* quoted the Oracle test user’s password in queries to fix the “ORA-00922: missing or invalid option” error when the password starts with a number or special character (#27420)
* Fixed incorrect app_label / model_name arguments for allow_migrate() in makemigrations migration consistency checks (#27461)
* Made Model.delete(keep_parents=True) preserve parent reverse relationships in multi-table inheritance (#27407)
* Fixed a QuerySet.update() crash on SQLite when updating a DateTimeField with an F() expression and a timedelta (#27544)
* Prevented LocaleMiddleware from redirecting on URLs that should return 404 when using prefix_default_language=False (#27402)
* Prevented an unnecessary index from being created on an InnoDB ForeignKey when the field was added after the model was created (#27558)
Sat Nov 5 13:00:00 2016 arunAATTgmx.de
- update to version 1.10.3:
* User with hardcoded password created when running tests on Oracle
* DNS rebinding vulnerability when DEBUG=True
* Bugfixes
+ Allowed User.is_authenticated and User.is_anonymous properties
to be tested for set membership (#27309).
+ Fixed a performance regression when running migrate in projects
with RenameModel operations (#27279).
+ Added model_name to the allow_migrate() calls in makemigrations
(#27200).
+ Made the JavaScriptCatalog view respect the packages argument;
previously it was ignored (#27374).
+ Fixed QuerySet.bulk_create() on PostgreSQL when the number of
objects is a multiple plus one of batch_size (#27385).
+ Prevented i18n_patterns() from using too much of the URL as the
language to fix a use case for prefix_default_language=False
(#27063).
+ Replaced a possibly incorrect redirect from SessionMiddleware
when a session is destroyed in a concurrent request with a
SuspiciousOperation to indicate that the request can’t be
completed (#27363).
Sun Oct 2 14:00:00 2016 arunAATTgmx.de
- update to version 1.10.2:
* Fixed a crash in MySQL database validation where SELECT AATTAATTsql_mode
doesn’t return a result (#27180).
* Allowed combining contrib.postgres.search.SearchQuery with more
than one & or | operators (#27143).
* Disabled system check for URL patterns beginning with a ‘/’ when
APPEND_SLASH=False (#27238).
* Fixed model form default fallback for CheckboxSelectMultiple,
MultiWidget, FileInput, SplitDateTimeWidget, SelectDateWidget, and
SplitArrayWidget (#27186). Custom widgets affected by this issue
should implement value_omitted_from_data().
* Fixed a crash in runserver logging during a “Broken pipe” error
(#27271).
* Fixed a regression where unchanged localized date/time fields were
listed as changed in the admin’s model history messages (#27302).
Sat Sep 10 14:00:00 2016 arunAATTgmx.de
- update to version 1.10.1:
* Fixed a crash in MySQL connections where SELECT AATTAATTSQL_AUTO_IS_NULL
doesn’t return a result (#26991).
* Allowed User.is_authenticated and User.is_anonymous properties to
be compared using ==, !=, and | (#26988, #27154).
* Removed the broken BaseCommand.usage() method which was for
optparse support (#27000).
* Fixed a checks framework crash with an empty
Meta.default_permissions (#26997).
* Fixed a regression in the number of queries when using RadioSelect
with a ModelChoiceField form field (#27001).
* Fixed a crash if request.META[\'CONTENT_LENGTH\'] is an empty string
(#27005).
* Fixed the isnull lookup on a ForeignKey with its to_field pointing
to a CharField or pointing to a CharField defined with
primary_key=True (#26983).
* Prevented the migrate command from raising
InconsistentMigrationHistory in the presence of unapplied squashed
migrations (#27004).
* Fixed a regression in Client.force_login() which required
specifying a backend rather than automatically using the first one
if multiple backends are configured (#27027).
* Made QuerySet.bulk_create() properly initialize model instances on
backends, such as PostgreSQL, that support returning the IDs of
the created records so that many-to-many relationships can be used
on the new objects (#27026).
* Fixed crash of django.views.static.serve() with show_indexes
enabled (#26973).
* Fixed ClearableFileInput to avoid the required HTML attribute when
initial data exists (#27037).
* Fixed annotations with database functions when combined with
lookups on PostGIS (#27014).
* Reallowed the {% for %} tag to unpack any iterable (#27058).
* Made makemigrations skip inconsistent history checks on
non-default databases if database routers aren’t in use or if no
apps can be migrated to the database (#27054, #27110, #27142).
* Removed duplicated managers in Model._meta.managers (#27073).
* Fixed contrib.admindocs crash when a view is in a class, such as
some of the admin views (#27018).
* Reverted a few admin checks that checked field.many_to_many back
to isinstance(field, models.ManyToManyField) since it turned out
the checks weren’t suitable to be generalized like that (#26998).
* Added the database alias to the InconsistentMigrationHistory
message raised by makemigrations and migrate (#27089).
* Fixed the creation of ContentType and Permission objects for
models of applications without migrations when calling the migrate
command with no migrations to apply (#27044).
* Included the already applied migration state changes in the Apps
instance provided to the pre_migrate signal receivers to allow
ContentType renaming to be performed on model rename (#27100).
* Reallowed subclassing UserCreationForm without USERNAME_FIELD in
Meta.fields (#27111).
* Fixed a regression in model forms where model fields with a
default that didn’t appear in POST data no longer used the default
(#27039).
Sat Aug 6 14:00:00 2016 arunAATTgmx.de
- update to version 1.10:
(full changelog at https://docs.djangoproject.com/en/1.10/releases/1.10/)
* Highlights are:
+ Full text search for PostgreSQL.
+ New-style middleware to solve the lack of strict
request/response layering of the old-style of middleware.
+ Official support for Unicode usernames.
Sat Apr 2 14:00:00 2016 arunAATTgmx.de
- update to version 1.9.5:
* Made MultiPartParser ignore filenames that normalize to an empty
string to fix crash in MemoryFileUploadHandler on specially
crafted user input (#26325).
* Fixed a race condition in BaseCache.get_or_set() (#26332). It now
returns the default value instead of False if there’s an error
when trying to add the value to the cache.
* Fixed data loss on SQLite where DurationField values with
fractional seconds could be saved as None (#26324).
* The forms in contrib.auth no longer strip trailing and leading
whitespace from the password fields (#26334). The change requires
users who set their password to something with such whitespace
after a site updated to Django 1.9 to reset their password. It
provides backwards-compatibility for earlier versions of Django.
* Fixed a memory leak in the cached template loader (#26306).
* Fixed a regression that caused collectstatic --clear to fail if
the storage doesn’t implement path() (#26297).
* Fixed a crash when using a reverse lookup with a subquery when a
ForeignKey has a to_field set to something other than the primary
key (#26373).
* Fixed a regression in CommonMiddleware that caused spurious
warnings in logs on requests missing a trailing slash (#26293).
* Restored the functionality of the admin’s raw_id_fields in
list_editable (#26387).
* Fixed a regression with abstract model inheritance and explicit
parent links (#26413).
* Fixed a migrations crash on SQLite when renaming the primary key
of a model containing a ForeignKey to \'self\' (#26384).
* Fixed JSONField inadvertently escaping its contents when
displaying values after failed form validation (#25532).
Tue Mar 15 13:00:00 2016 toddrme2178AATTgmail.com
- Make python3-Pillow only a recommends. It is not a hard
requirement, and it doesn\'t work on big-endian architectures.
Mon Mar 7 13:00:00 2016 arunAATTgmx.de
- update to version 1.9.4:
* Django 1.9.4 fixes a regression on Python 2 in the 1.9.3 security
release where utils.http.is_safe_url() crashes on bytestring URLs
(#26308).
Fri Mar 4 13:00:00 2016 arunAATTgmx.de
- update to version 1.9.3:
* CVE-2016-2512: Malicious redirect and possible XSS attack via
user-supplied redirect URLs containing basic auth
* CVE-2016-2513: User enumeration through timing difference on
password hasher work factor upgrade
* Skipped URL checks (new in 1.9) if the ROOT_URLCONF setting isn’t
defined (#26155).
* Fixed a crash on PostgreSQL that prevented using TIME_ZONE=None
and USE_TZ=False (#26177).
* Added system checks for query name clashes of hidden relationships
(#26162).
* Fixed a regression for cases where
ForeignObject.get_extra_descriptor_filter() returned a Q object
(#26153).
* Fixed regression with an __in=qs lookup for a ForeignKey with
to_field set (#26196).
* Made forms.FileField and utils.translation.lazy_number() picklable
(#26212).
* Fixed RangeField and ArrayField serialization with None values
(#26215).
* Fixed a crash when filtering by a Decimal in RawQuery (#26219).
* Reallowed dashes in top-level domain names of URLs checked by
URLValidator to fix a regression in Django 1.8 (#26204).
* Fixed some crashing deprecation shims in SimpleTemplateResponse
that regressed in Django 1.9 (#26253).
* Fixed BoundField to reallow slices of subwidgets (#26267).
* Changed the admin’s “permission denied” message in the login
template to use get_username instead of username to support custom
user models (#26231).
* Fixed a crash when passing a nonexistent template name to the
cached template loader’s load_template() method (#26280).
* Prevented ContentTypeManager instances from sharing their cache
(#26286).
* Reverted a change in Django 1.9.2 (#25858) that prevented relative
lazy relationships defined on abstract models to be resolved
according to their concrete model’s app_label (#26186).
Tue Feb 23 13:00:00 2016 matwey.kornilovAATTgmail.com
- Explicitly require Python >= 3.4 (Django 1.9 supports 3.4 and 3.5 only):
https://docs.djangoproject.com/en/1.9/releases/1.9/#python-compatibility
Wed Feb 3 13:00:00 2016 arunAATTgmx.de
- updated to version 1.9.2:
* Security issue: User with \"change\" but not \"add\" permission can
create objects for ModelAdmin’s with save_as=True
If a ModelAdmin uses save_as=True (not the default), the admin
provides an option when editing objects to \"Save as new\". A
regression in Django 1.9 prevented that form submission from
raising a \"Permission Denied\" error for users without the \"add\"
permission.
* Backwards incompatible change: .py-tpl files
rewritten in project/app templates
The addition of some Django template language syntax to the
default app template in Django 1.9 means those files now have some
invalid Python syntax. This causes difficulties for packaging
systems that unconditionally byte-compile
*.py files.
To remedy this, a .py-tpl suffix is now used for the project and
app template files included in Django. The .py-tpl suffix is
replaced with .py by the startproject and startapp commands. For
example, a template with the filename manage.py-tpl will be
created as manage.py.
Please file a ticket if you have a custom project template
containing .py-tpl files and find this behavior problematic.
Bugfixes
* Fixed a regression in ConditionalGetMiddleware causing
If-None-Match checks to always return HTTP 200 (#26024).
* Fixed a regression that caused the “user-tools” items to display
on the admin’s logout page (#26035).
* Fixed a crash in the translations system when the current language
has no translations (#26046).
* Fixed a regression that caused the incorrect day to be selected
when opening the admin calendar widget for timezones from GMT+0100
to GMT+1200 (#24980).
* Fixed a regression in the admin’s edit related model popup that
caused an escaped value to be displayed in the select dropdown of
the parent window (#25997).
* Fixed a regression in 1.8.8 causing incorrect index handling in
migrations on PostgreSQL when adding db_index=True or unique=True
to a CharField or TextField that already had the other specified,
or when removing one of them from a field that had both, or when
adding unique=True to a field already listed in unique_together
(#26034).
* Fixed a regression where defining a relation on an abstract
model’s field using a string model name without an app_label no
longer resolved that reference to the abstract model’s app if
using that model in another application (#25858).
* Fixed a crash when destroying an existing test database on MySQL
or PostgreSQL (#26096).
* Fixed CSRF cookie check on POST requests when
USE_X_FORWARDED_PORT=True (#26094).
* Fixed a QuerySet.order_by() crash when ordering by a relational
field of a ManyToManyField through model (#26092).
* Fixed a regression that caused an exception when making database
queries on SQLite with more than 2000 parameters when DEBUG is
True on distributions that increase the SQLITE_MAX_VARIABLE_NUMBER
compile-time limit to over 2000, such as Debian (#26063).
* Fixed a crash when using a reverse OneToOneField in
ModelAdmin.readonly_fields (#26060).
* Fixed a crash when calling the migrate command in a test case with
the available_apps attribute pointing to an application with
migrations disabled using the MIGRATION_MODULES setting (#26135).
* Restored the ability for testing and debugging tools to determine
the template from which a node came from, even during template
inheritance or inclusion. Prior to Django 1.9, debugging tools
could access the template origin from the node via
Node.token.source[0]. This was an undocumented, private API. The
origin is now available directly on each node using the
Node.origin attribute (#25848).
* Fixed a regression in Django 1.8.5 that broke copying a
SimpleLazyObject with copy.copy() (#26122).
* Always included geometry_field in the GeoJSON serializer output
regardless of the fields parameter (#26138).
* Fixed the contrib.gis map widgets when using
USE_THOUSAND_SEPARATOR=True (#20415).
* Made invalid forms display the initial of values of their disabled
fields (#26129).
Tue Jan 12 13:00:00 2016 arunAATTgmx.de
- update to version 1.9.1:
* Fixed BaseCache.get_or_set() with the DummyCache backend (#25840).
* Fixed a regression in FormMixin causing forms to be validated
twice (#25548, #26018).
* Fixed a system check crash with nested ArrayFields (#25867).
* Fixed a state bug when migrating a SeparateDatabaseAndState
operation backwards (#25896).
* Fixed a regression in CommonMiddleware causing If-None-Match
checks to always return HTTP 200 (#25900).
* Fixed missing varchar/text_pattern_ops index on CharField and
TextField respectively when using AlterField on PostgreSQL
(#25412).
* Fixed admin’s delete confirmation page’s summary counts of related
objects (#25883).
* Added from __future__ import unicode_literals to the default
apps.py created by startapp on Python 2 (#25909). Add this line to
your own apps.py files created using Django 1.9 if you want your
migrations to work on both Python 2 and Python 3.
* Prevented QuerySet.delete() from crashing on MySQL when querying
across relations (:ticket`25882`).
* Fixed evaluation of zero-length slices of QuerySet.values()
(#25894).
* Fixed a state bug when using an AlterModelManagers operation
(#25852).
* Fixed TypedChoiceField change detection with nullable fields
(#25942).
* Fixed incorrect timezone warnings in custom admin templates that
don’t have a data-admin-utc-offset attribute in the body
tag. (#25845).
* Fixed a regression which prevented using a language not in
Django’s default language list (LANGUAGES) (#25915).
* Avoided hiding some exceptions, like an invalid INSTALLED_APPS
setting, behind AppRegistryNotReady when starting runserver
(#25510). This regression appeared in 1.8.5 as a side effect of
fixing #24704 and by mistake the fix wasn’t applied to the
stable/1.9.x branch.
* Fixed migrate --fake-initial detection of many-to-many tables
(#25922).
* Restored the functionality of the admin’s list_editable add and
change buttons (#25903).
* Fixed isnull query lookup for ForeignObject (#25972).
* Fixed a regression in the admin which ignored line breaks in
read-only fields instead of converting them to
(#25465).
* Fixed incorrect object reference in
SingleObjectMixin.get_context_object_name() (#26006).
* Made loaddata skip disabling and enabling database constraints
when it doesn’t load any fixtures (#23372).
* Restored contrib.auth hashers compatibility with py-bcrypt
(#26016).
* Fixed a crash in QuerySet.values()/values_list() after an
annotate() and order_by() when values()/values_list() includes a
field not in the order_by() (#25316).
Sat Dec 5 13:00:00 2015 arunAATTgmx.de
- update to version 1.9:
* long list of changes, please see: https://docs.djangoproject.com/en/1.9/releases/1.9/
Sun Aug 23 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.4:
* Denial-of-service possibility in logout() view by filling session
store
Previously, a session could be created when anonymously accessing
the django.contrib.auth.views.logout() view (provided it wasn’t
decorated with login_required() as done in the admin). This could
allow an attacker to easily create many new session records by
sending repeated requests, potentially filling up the session
store or causing other users’ session records to be evicted.
The SessionMiddleware has been modified to no longer create empty
session records.
* Bugfixes
+ Added the ability to serialize values from the newly added
UUIDField (#25019).
+ Added a system check warning if the old TEMPLATE_
* settings are
defined in addition to the new TEMPLATES setting.
+ Fixed QuerySet.raw() so InvalidQuery is not raised when using the
db_column name of a ForeignKey field with primary_key=True
(#12768).
+ Prevented an exception in TestCase.setUpTestData() from leaking
the transaction (#25176).
+ Fixed has_changed() method in contrib.postgres.forms.HStoreField
(#25215, #25233).
+ Fixed the recording of squashed migrations when running the
migrate command (#25231).
+ Moved the unsaved model instance assignment data loss check to
Model.save() to allow easier usage of in-memory models (#25160).
+ Prevented varchar_patterns_ops and text_patterns_ops indexes for
ArrayField (#25180).
Mon Jul 13 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.3:
* Django 1.8.3 fixes several security issues and bugs in 1.8.2.
* bugfixes
+ Fixed BaseRangeField.prepare_value() to use each base_field’s
prepare_value() method (#24841).
+ Fixed crash during makemigrations if a migrations module either
is missing __init__.py or is a file (#24848).
+ Fixed QuerySet.exists() returning incorrect results after
annotation with Count() (#24835).
+ Corrected HStoreField.has_changed() (#24844).
+ Reverted an optimization to the CSRF template context processor
which caused a regression (#24836).
+ Fixed a regression which caused template context processors to
overwrite variables set on a RequestContext after it’s created
(#24847).
+ Prevented the loss of null/not null column properties during
field renaming of MySQL databases (#24817).
+ Fixed a crash when using a reverse one-to-one relation in
ModelAdmin.list_display (#24851).
+ Fixed quoting of SQL when renaming a field to AutoField in
PostgreSQL (#24892).
+ Fixed lack of unique constraint when changing a field from
primary_key=True to unique=True (#24893).
+ Fixed queryset pickling when using prefetch_related() after
deleting objects (#24831).
+ Allowed using choices longer than 1 day with DurationField
(#24897).
+ Fixed a crash when loading squashed migrations from two apps
with a dependency between them, where the dependent app’s replaced
migrations are partially applied (#24895).
+ Fixed recording of applied status for squashed (replacement)
migrations (#24628).
+ Fixed queryset annotations when using Case expressions with
exclude() (#24833).
+ Corrected join promotion for multiple Case
expressions. Annotating a query with multiple Case expressions
could unexpectedly filter out results (#24924).
+ Fixed usage of transforms in subqueries (#24744).
+ Fixed SimpleTestCase.assertRaisesMessage() on Python 2.7.10
(#24903).
+ Provided better backwards compatibility for the verbosity
argument in optparse management commands by casting it to an
integer (#24769).
+ Fixed prefetch_related() on databases other than PostgreSQL for
models using UUID primary keys (#24912).
+ Fixed removing unique_together constraints on MySQL (#24972).
+ Fixed crash when uploading images with MIME types that Pillow
doesn’t detect, such as bitmap, in forms.ImageField (#24948).
+ Fixed a regression when deleting a model through the admin that
has a GenericRelation with a related_query_name (#24940).
+ Reallowed non-ASCII values for ForeignKey.related_name on Python
3 by fixing the false positive system check (#25016).
+ Fixed inline forms that use a parent object that has a UUIDField
primary key and a child object that has an AutoField primary key
(#24958).
+ Fixed a regression in the unordered_list template filter on
certain inputs (#25031).
+ Fixed a regression in URLValidator that invalidated Punycode
TLDs (#25059).
+ Improved pyinotify runserver polling (#23882).
Sun May 24 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.2:
* security fix
+ Fixed session flushing in the cached_db backend
* bugfixes
+ Fixed check for template engine alias uniqueness (#24685).
+ Fixed crash when reusing the same Case instance in a query
(#24752).
+ Corrected join promotion for Case expressions. For example,
annotating a query with a Case expression could unexpectedly
filter out results (#24766).
+ Fixed negated Q objects in expressions. Cases like
Case(When(~Q(friends__age__lte=30))) tried to generate a subquery
which resulted in a crash (#24705).
+ Fixed incorrect GROUP BY clause generation on MySQL when the
query’s model has a self-referential foreign key (#24748).
+ Implemented ForeignKey.get_db_prep_value() so that ForeignKeys
pointing to UUIDField and inheritance on models with UUIDField
primary keys work correctly (#24698, #24712).
+ Fixed isnull lookup for HStoreField (#24751).
+ Fixed a MySQL crash when a migration removes a combined index
(unique_together or index_together) containing a foreign key
(#24757).
+ Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
(#24799).
+ On PostgreSQL, when no access is granted for the postgres
database, Django now falls back to the default database when it
normally requires a “no database” connection (#24791).
+ Fixed display of contrib.admin’s ForeignKey widget when it’s used
in a row with other fields (#24784).
Sat May 9 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.1:
* Added support for serializing timedelta objects in migrations
(#24566).
* Restored proper parsing of the testserver command’s positional
arguments (fixture names) (#24571).
* Prevented TypeError in translation functions check_for_language()
and get_language_bidi() when translations are deactivated
(#24569).
* Fixed squashmigrations command when using SeparateDatabaseAndState
(#24278).
* Stripped microseconds from datetime values when using an older
version of the MySQLdb DB API driver as it does not support
fractional seconds (#24584).
* Fixed a migration crash when altering ManyToManyFields (#24513)
* Fixed a crash with QuerySet.update() on foreign keys to one-to-one
fields (#24578).
* Fixed a regression in the model detail view of admindocs when a
model has a reverse foreign key relation (#24624).
* Prevented arbitrary file inclusions in admindocs (#24625).
* Fixed a crash with QuerySet.update() on foreign keys to instances
with uuid primary keys (#24611).
* Fixed database introspection with SQLite 3.8.9 (released April 8,
2015) (#24637).
* Updated urlpatterns examples generated by startproject to remove
usage of referencing views by dotted path in url() which is
deprecated in Django 1.8 (#24635).
* Fixed queries where an expression was referenced in order_by(),
but wasn’t part of the select clause. An example query is
qs.annotate(foo=F(\'field\')).values(\'pk\').order_by(\'foo\'))
(#24615).
* Fixed a database table name quoting regression (#24605).
* Prevented the loss of null/not null column properties during field
alteration of MySQL databases (#24595).
* Fixed JavaScript path of contrib.admin’s related field widget when
using alternate static file storages (#24655).
* Fixed a migration crash when adding new relations to models
(#24573).
* Fixed a migration crash when applying migrations with model
managers on Python 3 that were generated on Python 2 (#24701).
* Restored the ability to use iterators as queryset filter arguments
(#24719).
* Fixed a migration crash when renaming the target model of a
many-to-many relation (#24725).
* Removed flushing of the test database with --keepdb, which
prevented apps with data migrations from using the option
(#24729).
* Fixed makemessages crash in some locales (#23271).
* Fixed help text positioning of contrib.admin fields that use the
ModelAdmin.filter_horizontal and filter_vertical options (#24676).
* Fixed AttributeError: function ‘GDALAllRegister’ not found error
when initializing contrib.gis on Windows.
* Changed ModelState to deepcopy fields instead of deconstructing and
reconstructing (#24591). This speeds up the rendering of model
states and reduces memory usage when running manage.py migrate.
Fri Apr 3 14:00:00 2015 arunAATTgmx.de
- update to version 1.8:
* long list of changes, please see: https://docs.djangoproject.com/en/1.8/releases/1.8/
Thu Jan 15 13:00:00 2015 arunAATTgmx.de
- update to version 1.7.3:
* security issues
+ WSGI header spoofing via underscore/dash conflation
+ Mitigated possible XSS attack via user-supplied redirect URLs
+ Denial-of-service attack against \"django.views.static.serve\"
+ Database denial-of-service with \"ModelMultipleChoiceField\"
* bugfixes
+ The default iteration count for the PBKDF2 password hasher has
been increased by 25%. This part of the normal major release
process was inadvertently omitted in 1.7. This backwards
compatible change will not affect users who have subclassed
\"django.contrib.auth.hashers.PBKDF2PasswordHasher\" to change
the default value.
+ Fixed a crash in the CSRF middleware when handling non-ASCII
referer header (:ticket:\'23815\').
+ Fixed a crash in the \"django.contrib.auth.redirect_to_login\"
view when passing a
:func:\'~django.core.urlresolvers.reverse_lazy\' result on Python
3 (:ticket:\'24097\').
+ Added correct formats for Greek (\"el\") (:ticket:\'23967\').
+ Fixed a migration crash when unapplying a migration where
multiple operations interact with the same model (:ticket:\'24110\').
Sun Jan 11 13:00:00 2015 p.drouandAATTgmail.com
- South has been merged in main Django; provide and obsolete it
Sun Jan 4 13:00:00 2015 arunAATTgmx.de
- specfile: update copyright year
- update to version 1.7.2:
* Fixed migration\'s renaming of auto-created many-to-many tables
when changing :attr:Meta.db_table
(:ticket:23630).
* Fixed a migration crash when adding an explicit \"id\" field to a
model on SQLite (:ticket:23702).
* Added a warning for duplicate models when a module is
reloaded. Previously a \"RuntimeError\" was raised every time two
models clashed in the app registry. (:ticket:23621).
* Prevented :djadmin:flush from loading initial data for migrated apps
(:ticket:23699).
* Fixed a :djadmin:makemessages regression in 1.7.1 when
:setting:STATIC_ROOT has the default \"None\" value (:ticket:23717).
* Added GeoDjango compatibility with mysqlclient database driver.
* Fixed MySQL 5.6+ crash with \"GeometryField\"\\s in migrations
(:ticket:23719).
* Fixed a migration crash when removing a field that is referenced in
\"AlterIndexTogether\" or \"AlterUniqueTogether\" (:ticket:23614).
* Updated the first day of the week in the Ukrainian locale to Monday.
* Added support for transactional spatial metadata initialization on
SpatiaLite 4.1+ (:ticket:23152).
* Fixed a migration crash that prevented changing a nullable field with a
default to non-nullable with the same default (:ticket:23738).
* Fixed a migration crash when adding \"GeometryField\"\\s with
\"blank=True\" on PostGIS (:ticket:23731).
* Allowed usage of \"DateTimeField()\" as \"Transform.output_field\"
(:ticket:23420).
* Fixed a migration serializing bug involving \"float(\"nan\")\" and
\"float(\"inf\")\" (:ticket:23770).
* Fixed a regression where custom form fields having a \"queryset\"
attribute but no \"limit_choices_to\" could not be used in a
:class:~django.forms.ModelForm (:ticket:23795).
* Fixed a custom field type validation error with MySQL backend when
\"db_type\" returned \"None\" (:ticket:23761).
* Fixed a migration crash when a field is renamed that is part of an
\"index_together\" (:ticket:23859).
* Fixed :djadmin:squashmigrations to respect the \"--no-optimize\"
parameter (:ticket:23799).
* Made :class:~django.db.migrations.operations.RenameModel reversible
(:ticket:22248)
* Avoided unnecessary rollbacks of migrations from other apps when
migrating backwards (:ticket:23410).
* Fixed a rare query error when using deeply nested subqueries
(:ticket:23605).
* Fixed a crash in migrations when deleting a field that is part of a
\"index/unique_together\" constraint (:ticket:23794).
* Fixed \"django.core.files.File.__repr__()\" when the file\'s \"name\"
contains Unicode characters (:ticket:23888).
* Added missing context to the admin\'s \"delete_selected\" view that
prevented custom site header, etc. from appearing (:ticket:23898).
* Fixed a regression with dynamically generated inlines and allowed
field references in the admin (:ticket:23754).
* Fixed an infinite loop bug for certain cyclic migration
dependencies, and made the error message for cyclic dependencies
much more helpful.
* Added missing \"index_together\" handling for SQLite (:ticket:23880).
* Fixed a crash when \"RunSQL\" SQL content was collected by the schema
editor, typically when using \"sqlmigrate\" (:ticket:23909).
* Fixed a regression in \"contrib.admin\" add/change views which caused
some \"ModelAdmin\" methods to receive the incorrect \"obj\" value
(:ticket:23934).
* Fixed \"runserver\" crash when socket error message contained Unicode
characters (:ticket:23946).
* Fixed serialization of \"type\" when adding a \"deconstruct()\" method
(:ticket:23950).
* Prevented the
:class:~django.contrib.auth.middleware.SessionAuthenticationMiddleware
from setting a \"\"Vary: Cookie\"\" header on all responses
(:ticket:23939).
* Fixed a crash when adding \"blank=True\" to \"TextField()\" on MySQL
(:ticket:23920).
* Fixed index creation by the migration infrastructure, particularly
when dealing with PostgreSQL specific \"{text|varchar}_pattern_ops\"
indexes (:ticket:23954).
* Fixed bug in \"makemigrations\" that created broken migration files
when dealing with multiple table inheritance and inheriting from
more than one model (:ticket:23956).
* Fixed a crash when a \"MultiValueField\" has invalid data
(:ticket:23674).
* Fixed a crash in the admin when using \"Save as new\" and also
deleting a related inline (:ticket:23857).
* Always converted \"related_name\" to text (unicode), since that is
required on Python 3 for interpolation. Removed conversion of
\"related_name\" to text in migration deconstruction (:ticket:23455
and :ticket:23982).
* Enlarged the sizes of tablespaces which are created by default for
testing on Oracle (the main tablespace was increased from 200M to
300M and the temporary tablespace from 100M to 150M). This was
required to accommodate growth in Django\'s own test suite
(:ticket:23969).
* Fixed \"timesince\" filter translations in Korean (:ticket:23989).
* Fixed the SQLite \"SchemaEditor\" to properly add defaults in the
absence of a user specified \"default\". For example, a \"CharField\"
with \"blank=True\" didn\'t set existing rows to an empty string which
resulted in a crash when adding the \"NOT NULL\" constraint
(:ticket:23987).
* \"makemigrations\" no longer prompts for a default value when adding
\"TextField()\" or \"CharField()\" without a \"default\" (:ticket:23405).
* Fixed a migration crash when adding \"order_with_respect_to\" to a
table with existing rows (:ticket:23983).
* Restored the \"pre_migrate\" signal if all apps have migrations
(:ticket:23975).
* Made admin system checks run for custom \"AdminSite\"\\s
(:ticket:23497).
* Ensured the app registry is fully populated when unpickling
models. When an external script (like a queueing infrastructure)
reloads pickled models, it could crash with an \"AppRegistryNotReady\"
exception (:ticket:24007).
* Added quoting to field indexes in the SQL generated by migrations to
prevent a crash when the index name requires it (:ticket:#24015).
* Added \"datetime.time\" support to migrations questioner
(:ticket:23998).
* Fixed admindocs crash on apps installed as eggs (:ticket:23525).
* Changed migrations autodetector to generate an \"AlterModelOptions\"
operation instead of \"DeleteModel\" and \"CreateModel\" operations when
changing \"Meta.managed\". This prevents data loss when changing
\"managed\" from \"False\" to \"True\" and vice versa (:ticket:24037).
* Enabled the \"sqlsequencereset\" command on apps with migrations
(:ticket:24054).
* Added tablespace SQL to apps with migrations (:ticket:24051).
* Corrected \"contrib.sites\" default site creation in a multiple
database setup (:ticket:24000).
* Restored support for objects that aren\'t :class:str or :class:bytes
in :func:~django.utils.safestring.mark_for_escaping on Python 3.
* Supported strings escaped by third-party libraries with the
\"__html__\" convention in the template engine (:ticket:23831).
* Prevented extraneous \"DROP DEFAULT\" SQL in migrations (:ticket:23581).
* Restored the ability to use more than five levels of subqueries
(:ticket:23758).
* Fixed crash when \"ValidationError\" is initialized with a
\"ValidationError\" that is initialized with a dictionary
(:ticket:24008).
* Prevented a crash on apps without migrations when running \"migrate
- -list\" (:ticket:23366).
Sat Nov 15 13:00:00 2014 arunAATTgmx.de
- Update to Django 1.7.1
* Allowed related many-to-many fields to be referenced in the admin
(#23604).
* Added a more helpful error message if you try to migrate an app
without first creating the contenttypes table (#22411).
* Modified migrations dependency algorithm to avoid possible
infinite recursion.
* Fixed a UnicodeDecodeError when the flush error message contained
Unicode characters (#22882).
* Reinstated missing CHECK SQL clauses which were omitted on some
backends when not using migrations (#23416).
* Fixed serialization of type objects in migrations (#22951).
* Allowed inline and hidden references to admin fields (#23431).
* The AATTdeconstructible decorator now fails with a ValueError if the
decorated object cannot automatically be imported (#23418).
* Fixed a typo in an inlineformset_factory() error message that
caused a crash (#23451).
* Restored the ability to use ABSOLUTE_URL_OVERRIDES with the
\'auth.User\' model (#11775). As a side effect, the setting now adds
a get_absolute_url() method to any model that appears in
ABSOLUTE_URL_OVERRIDES but doesn’t define get_absolute_url().
* Avoided masking some ImportError exceptions during application
loading (#22920).
* Empty index_together or unique_together model options no longer
results in infinite migrations (#23452).
* Fixed crash in contrib.sitemaps if lastmod returned a date rather
than a datetime (#23403).
* Allowed migrations to work with app_labels that have the same last
part (e.g. django.contrib.auth and vendor.auth) (#23483).
* Restored the ability to deepcopy F objects (#23492).
* Formats for Welsh (cy) and several Chinese locales (zh_CN,
zh_Hans, zh_Hant and zh_TW) have been added. Formats for
Macedonian have been fixed (trailing dot removed, #23532).
* Added quoting of constraint names in the SQL generated by
migrations to prevent crash with uppercase characters in the name
(#23065).
* Fixed renaming of models with a self-referential many-to-many
field (ManyToManyField(\'self\')) (#23503).
* Added the get_extra(), get_max_num(), and get_min_num() hooks to
GenericInlineModelAdmin (#23539).
* Made migrations.RunSQL no longer require percent sign
escaping. This is now consistent with cursor.execute() (#23426).
* Made the SERIALIZE entry in the TEST dictionary usable (#23421).
* Fixed bug in migrations that prevented foreign key constraints to
unmanaged models with a custom primary key (#23415).
* Added SchemaEditor for MySQL GIS backend so that spatial indexes
will be created for apps with migrations (#23538).
* Added SchemaEditor for Oracle GIS backend so that spatial metadata
and indexes will be created for apps with migrations (#23537).
* Coerced the related_name model field option to unicode during
migration generation to generate migrations that work with both
Python 2 and 3 (#23455).
* Fixed MigrationWriter to handle builtin types without imports
(#23560).
* Fixed deepcopy on ErrorList (#23594).
* Made the admindocs view to browse view details check if the view
specified in the URL exists in the URLconf. Previously it was
possible to import arbitrary packages from the Python path. This
was not considered a security issue because admindocs is only
accessible to staff users (#23601).
* Fixed UnicodeDecodeError crash in AdminEmailHandler with non-ASCII
characters in the request (#23593).
* Fixed missing get_or_create and update_or_create on related
managers causing IntegrityError (#23611).
* Made urlsafe_base64_decode() return the proper type (byte string)
on Python 3 (#23333).
* makemigrations can now serialize timezone-aware values (#23365).
* Added a prompt to the migrations questioner when removing the null
constraint from a field to prevent an IntegrityError on existing
NULL rows (#23609).
* Fixed generic relations in ModelAdmin.list_filter (#23616).
* Restored RFC compliance for the SMTP backend on Python 3 (#23063).
* Fixed a crash while parsing cookies containing invalid content
(#23638).
* The system check framework now raises error models.E020 when the
class method Model.check() is unreachable (#23615).
* Made the Oracle test database creation drop the test user in the
event of an unclean exit of a previous test run (#23649).
* Fixed makemigrations to detect changes to Meta.db_table (#23629).
* Fixed a regression when feeding the Django test client with an
empty data string (#21740).
* Fixed a regression in makemessages where static files were
unexpectedly ignored (#23583).
- Changes from version 1.7
* A new built-in database migration system. Notes on upgrading from
South (a popular third
*party application providing migration
functionality) are also available.
* A refactored concept of Django applications. Django applications
are no longer tied to the existence of a models files, and can now
specify both configuration data and code to be executed as Django
starts up.
* Improvements to the model Field API to support migrations and, in
the future, to enable easy addition of composite-key support to
Django\'s ORM.
* Improvements for custom Manager and QuerySet classes, allowing
reverse relationship traversal to specify the Manager to use, and
creation of a Manager from a custom QuerySet class.
* An extensible system check framework which can assist developers
in detecting and diagnosing errors.
Please refer to the release notes for all details and migration
instructions:
https://docs.djangoproject.com/en/1.7/releases/1.7/
- Added python-setuptools as a BuildRequires.
- Fixed Source URL from Django Project site.
- Reordered sources.
- Fixed deduplication to avoid wrong mtimes in pyc files.
- Changes from version 1.6.5 :
+ Unexpected code execution using reverse()
+ Caching of anonymous pages could reveal CSRF token
+ MySQL typecasting
+ select_for_update() requires a transaction
+ Issue: Caches may incorrectly be allowed to store and serve private data
+ Issue: Malformed redirect URLs from user input not correctly validated
- Changes from version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES[\'default\'][\'AUTOCOMMIT\'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
- Changes from version 1.6.1:
- Most bug fixes are minor; you can find a complete list in the Django 1.6.1
release notes.
Thu Jul 31 14:00:00 2014 dimstarAATTopensuse.org
- Rename rpmlintrc to %{name}-rpmlintrc.
Follow the packaging guidelines.
Fri Feb 14 13:00:00 2014 speilickeAATTsuse.com
- Fix update-alternatives (again)
Tue Nov 19 13:00:00 2013 speilickeAATTsuse.com
- Update-alternatives also for bash-completion
Thu Nov 7 13:00:00 2013 speilickeAATTsuse.com
- Require python-Pillow for image-related functionality
- Package was renamed from python-django
- Drop Django-1.2-completion-only-for-bash.patch: Useless
Tue Nov 5 13:00:00 2013 alexandreAATTexatati.com.br
- Update to version 1.6:
- Please read the release notes
https://docs.djangoproject.com/en/1.6/releases/1.6
- Removed Patch2 as it is no needed anymore:
Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch
Tue Sep 17 14:00:00 2013 speilickeAATTsuse.com
- Update to version 1.5.4:
+ Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
+ Fixed directory traversal with ssi template tag
Wed Aug 14 14:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.2:
- Security release, please check release notes for details:
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
Thu Mar 28 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.1:
- Memory leak fix, please read release announcement at
https://www.djangoproject.com/weblog/2013/mar/28/django-151.
Tue Feb 26 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5:
- Please read the release notes
https://docs.djangoproject.com/en/1.5/releases/1.5
Tue Dec 11 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security
Sat Oct 20 14:00:00 2012 saschpeAATTsuse.de
- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin
Wed Oct 17 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security
Mon Jul 30 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
Tue Jun 19 14:00:00 2012 saschpeAATTsuse.de
- Add patch to support CSRF_COOKIE_HTTPONLY config
Fri Mar 23 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4:
- Please read the release notes
https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream,
Thu Nov 24 13:00:00 2011 saschpeAATTsuse.de
- Set license to SDPX style (BSD-3-Clause)
- Package AUTHORS, LICENE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools
Sat Sep 10 14:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3.1 to fix security issues, please read
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.
Thu Mar 31 14:00:00 2011 alexandreAATTexatati.com.br
- Fix build on SLES_9.
Wed Mar 23 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.
Fri Mar 18 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.
Thu Mar 3 13:00:00 2011 saschpeAATTsuse.de
- Spec file cleanup:
* Removed empty lines, package authors from description
* Cleanup duplicates
* Corrected wrong file endings
* Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files
Wed Feb 9 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.2.5:
- This is a security update that fix:
- Flaw in CSRF handling;
- Potential XSS in file field rendering.
Thu Dec 23 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.4:
- Information leakage in Django administrative interface;
- Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.
Sat Sep 11 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.3:
- The patch applied for the security issue covered in Django
1.2.2 caused issues with non-ASCII responses using CSRF
tokens. This has been remedied;
- The patch also caused issues with some forms, most notably
the user-editing forms in the Django administrative interface.
This has been remedied.
- The packaging manifest did not contain the full list of
required files. This has been remedied.
Thu Sep 9 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.2.
- This is a ciritical security update fixing a default XSS bug!
Fri Jul 9 14:00:00 2010 jfunkAATTfunktronics.ca
- Added patch to fix upstream bug 5622: Empty ipaddress raises an error
Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.1.
Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.
Thu May 6 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-rc-1.
Mon Apr 5 14:00:00 2010 alexandreAATTexatati.com.br
- Spec file cleaned with spec-cleaner;
- Minor manual adjusts on spec file.
Thu Mar 18 13:00:00 2010 alexandreAATTexatati.com.br
- Moved autocomplete file path from /etc/profile.d to
/etc/bash_completion.d. Then it works with konsole too.
Mon Mar 15 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.
Sun Oct 11 14:00:00 2009 nixAATTopensuse.org
- Update to 1.1.1 due to security issue described at
http://www.djangoproject.com/weblog/2009/oct/09/security/
Sat Oct 10 14:00:00 2009 alexandreAATTexatati.com.br
- Removed old tarball file (Django-1.1.tar.bz2).
Tue Aug 25 14:00:00 2009 garloffAATTsuse.de
- Fix python version check.
Sat Aug 22 14:00:00 2009 garloffAATTsuse.de
- Don\'t require python-sqlite2 for python >= 2.6.
Fri Aug 21 14:00:00 2009 garloffAATTsuse.de
- Build as noarch on factory.
Wed Aug 19 14:00:00 2009 poemlAATTsuse.de
- don\'t run bash completion on shells other than bash. Avoiding
error messages produced at login when using other shells.
Fri Aug 14 14:00:00 2009 alexandreAATTexatati.com.br
- Added bash auto-complete to openSUSE.
Tue Jul 28 14:00:00 2009 listuserAATTpeternixon.net
- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang
Wed Jul 1 14:00:00 2009 poemlAATTsuse.de
- add python-xml to the Requires (./manage.py syncdb crashes
otherwise)