SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python313-Django4-4.2.19-1.1.noarch.rpm :

* Tue Feb 11 2025 Markéta Machová - Update to 4.2.19
* Fixed a regression in Django 4.2.18 that caused validate_ipv6_address() and validate_ipv46_address() to crash when handling non-string values
* Sun Jan 26 2025 Bernhard Wiedemann - Add fix2038.patch to let tests pass after year 2038 (boo#1102840)
* Wed Jan 15 2025 Markéta Machová - Update to 4.2.18 (bsc#1235856)
* CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
* Mon Dec 09 2024 Markéta Machová - Update to 4.2.17 (bsc#1234231, CVE-2024-53908, bsc#1234232, CVE-2024-53907)
* CVE-2024-53907: Potential denial-of-service in django.utils.html.strip_tags()
* CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
* Tue Nov 19 2024 Markéta Machová - Add upstream py313.patch to fix tests on Python 3.13
* Tue Sep 03 2024 Markéta Machová - Update to 4.2.16 (bsc#1229823, bsc#1229824)
* CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-45231: Potential user email enumeration via response status on password reset
* Wed Aug 07 2024 Alberto Planas Dominguez - Update to 4.2.15 (bsc#1228629, bsc#1228630, bsc#1228631, bsc#1228632)
* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
* Fixed a regression in Django 4.2.14 that caused a crash in LocaleMiddleware when processing a language code over 500 characters
* Wed Jul 17 2024 Markéta Machová - Update to 4.2.14
* Django 4.2.14 fixes two security issues with severity “moderate” and two security issues with severity “low\" in 4.2.13
* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize() (bsc#1227590)
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (bsc#1227593)
* CVE-2024-39330: Potential directory-traversal via Storage.save() (bsc#1227594)
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant() (bsc#1227595)
* Tue Jul 16 2024 Georg Pfuetzenreuter - Refactor to python-Django4
* Wed May 08 2024 Alberto Planas Dominguez - Update to 4.2.13 + Django 4.2.13 fixes a packaging error in 4.2.12.- Update to 4.2.12 + Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+. + Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the surrogateescape error handling scheme- Drop fix-safemimetext-set_payload.patch, already merged upstream
* Thu Apr 18 2024 Daniel Garcia - Add fix-safemimetext-set_payload.patch, to support python 3.11.9+ (gh#django/djangoAATTb231bcd19e57, bsc#1222880)
* Mon Mar 04 2024 Alberto Planas Dominguez - Update to 4.2.11 (CVE-2024-27351, bsc#1220358)
* CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
* Fixed a regression in Django 4.2.10 where intcomma template filter could return a leading comma for string representation of floats- Remove python3122.patch, already upstream
* Fri Feb 09 2024 Daniel Garcia - Add python3122.patch to fix tests with python 3.12.2 gh#django/django#17843- Update to 4.2.10 (bsc#1219683, CVE-2024-24680): - Django 4.2.10 fixes a security issue with severity \"moderate\" in 4.2.9. CVE-2024-24680: Potential denial-of-service in intcomma template filter The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
* Thu Jan 04 2024 Alberto Planas Dominguez - Update to 4.2.9:
* Fixed a regression in Django 4.2.8 where admin fields on the same line could overflow the page and become non-interactive
* Mon Dec 04 2023 Alberto Planas Dominguez - Update to 4.2.8
* Fixed a regression in Django 4.2 that caused makemigrations - -check to stop displaying pending migrations
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with aggregates referencing other aggregates or window functions through conditional expressions
* Fixed a regression in Django 4.2 that caused a crash when annotating a QuerySet with a Window expressions composed of a partition_by clause mixing field types and aggregation expressions
* Fixed a regression in Django 4.2 where the admin’s change list page had misaligned pagination links and inputs when using list_editable
* Fixed a regression in Django 4.2 where checkboxes in the admin would be centered on narrower screen widths
* Fixed a regression in Django 4.2 that caused a crash of querysets with aggregations on MariaDB when the ONLY_FULL_GROUP_BY SQL mode was enabled
* Fixed a regression in Django 4.2 where the admin’s read-only password widget and some help texts were incorrectly aligned at tablet widths
* Fixed a regression in Django 4.2 that caused a migration crash on SQLite when altering unsupported Meta.db_table_comment
* Mon Nov 27 2023 Dirk Müller - add dirty-hack-remove-assert.patch from fedora to fix minor test failure with python 3.12
* Wed Nov 01 2023 Alberto Planas Dominguez - Update to 4.2.7
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with aggregates referencing expressions containing subqueries
* Restored, following a regression in Django 4.2, creating varchar/text_pattern_ops indexes on CharField and TextField with deterministic collations on PostgreSQL
* Mon Oct 16 2023 Daniel Garcia Moreno - Update to 4.2.6 (bsc#1215978, CVE-2023-43665)
* CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator The input processed by Truncator, when operating in HTML mode, has been limited to the first five million characters in order to avoid potential performance and memory issues.
* Fixed a regression in Django 4.2.5 where overriding the deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings in tests caused the main STORAGES to mutate (#34821).
* Fixed a regression in Django 4.2 that caused unnecessary casting of string based fields (CharField, EmailField, TextField, CICharField, CIEmailField, and CITextField) used with the __isnull lookup on PostgreSQL. As a consequence, indexes using an __isnull expression or condition created before Django 4.2 wouldn’t be used by the query planner, leading to a performance regression (#34840).
* Mon Sep 04 2023 Alberto Planas Dominguez - Update to 4.2.5 (CVE-2023-41164) + Bugfixes
* Fixed a regression in Django 4.2 that caused an incorrect validation of CheckConstraints on __isnull lookups against JSONField
* Fixed a bug in Django 4.2 where the deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings were not synced with STORAGES
* Fixed a regression in Django 4.2.2 that caused an unnecessary selection of a non-nullable ManyToManyField without a natural key during serialization
* Fixed a regression in Django 4.2 that caused a crash of a queryset when filtering against deeply nested OuterRef() annotations
* Wed Aug 02 2023 Alberto Planas Dominguez - Update to 4.2.4 + Bugfixes
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with aggregates referencing window functions
* Fixed a regression in Django 4.2 that caused a crash when grouping by a reference in a subquery
* Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping by multi-valued annotations to group against the wrong columns
* Tue Jul 18 2023 Markéta Machová - Add upstream sanitize_address.patch
* fixes build with yet another CPython upstream fix (bsc#1210638)
* Mon Jul 10 2023 Alberto Planas Dominguez - Update to 4.2.3 (bsc#1212742, CVE-2023-36053) + CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator + Bugfixes
* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone warnings for DateField and TimeField in the admin
* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows in the admin changelist view when ModelAdmin.list_editable contained a BooleanField
* Fri Jun 09 2023 ecsos - Add %{?sle15_python_module_pythons}
* Tue Jun 06 2023 Alberto Planas Dominguez - Update to 4.2.2 + Bugfixes
* Fixed a regression in Django 4.2 that caused an unnecessary DBMS_LOB.SUBSTR() wrapping in the __isnull and __exact=None lookups for TextField()/BinaryField() on Oracle
* Restored, following a regression in Django 4.2, get_prep_value() call in JSONField subclasses
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.defer() when passing a ManyToManyField or GenericForeignKey reference. While doing so is a no-op, it was allowed in older version
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.only() when passing a reverse OneToOneField reference
* Fixed a bug in Django 4.2 where makemigrations --update didn’t respect the --name option
* Fixed a performance regression in Django 4.2 when compiling queries without ordering
* Fixed a regression in Django 4.2 where nonexistent stylesheet was linked on a “Congratulations!” page
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with expressions referencing other aggregates
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with aggregates referencing subqueries
* Fixed a regression in Django 4.2 that caused a crash of querysets on SQLite when filtering on DecimalField against values outside of the defined range
* Fixed a regression in Django 4.2 that caused a serialization crash on a ManyToManyField without a natural key when its Manager’s base QuerySet used select_related()
* Thu May 04 2023 Alberto Planas Dominguez - Update to 4.2.1 + CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field (bsc#1210866) + Bugfixes
* Fixed a regression in Django 4.2 that caused a crash of QuerySet.defer() when deferring fields by attribute names
* Fixed a regression in Django 4.2 that caused a crash of SearchVector function with % characters
* Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping to group against the wrong columns
* Reallowed, following a regression in Django 4.2, setting the \"cursor_factory\" option in OPTIONS on PostgreSQL
* Enforced UTF-8 client encoding on PostgreSQL, following a regression in Django 4.2
* Fixed a regression in Django 4.2 where i18n_patterns() didn’t respect the prefix_default_language argument when a fallback language of the default language was used
* Fixed a regression in Django 4.2 where translated URLs of the default language from i18n_patterns() with prefix_default_language set to False raised 404 errors for a request with a different language
* Fixed a regression in Django 4.2 where creating copies and deep copies of HttpRequest, HttpResponse, and their subclasses didn’t always work correctly
* Fixed a regression in Django 4.2 where timesince and timeuntil template filters returned incorrect results for a datetime with a non-UTC timezone when a time difference is less than 1 day
* Fixed a regression in Django 4.2 that caused a crash of SearchHeadline function with psycopg 3
* Fixed a regression in Django 4.2 that caused incorrect ClearableFileInput margins in the admin
* Fixed a regression in Django 4.2 where breadcrumbs didn’t appear on admin site app index views
* Made squashing migrations reduce AddIndex, RemoveIndex, RenameIndex, and CreateModel operations which allows removing a deprecated Meta.index_together option from historical migrations and use Meta.indexes instead
* Thu Apr 06 2023 David Anes - Update minimal dependency versions.
* Tue Apr 04 2023 David Anes - Update to 4.2: This is just a summary. Full release notes are available at https://docs.djangoproject.com/en/4.2/releases/4.2/ + Psycopg 3 support + Comments on columns and tables + Mitigation for the BREACH attack + In-memory file storage + Custom file storages + For backwards incompatible changes in 4.2 see https://docs.djangoproject.com/en/4.2/releases/4.2/#backwards-incompatible-changes-in-4-2- Update of keyring file
* Tue Feb 14 2023 Alberto Planas Dominguez - Update to 4.1.7: + CVE-2023-24580: Potential denial-of-service vulnerability in file uploads (bsc#1208082) + Fixed a bug in Django 4.1 that caused a crash of model validation on ValidationError with no code
* Wed Feb 01 2023 Alberto Planas Dominguez - Update to 4.1.6: + CVE-2023-23969: Potential denial-of-service via Accept-Language headers Bugfixes + Fixed a bug in Django 4.1 that caused a crash of model validation on UniqueConstraint with ordered expressions
* Mon Jan 02 2023 David Anes - Update to 4.1.5: + Fixed a long standing bug in the __len lookup for ArrayField that caused a crash of model validation on Meta.constraints.- Update keyring file.
* Wed Dec 21 2022 Daniel Garcia - Recommends python-pymemcache instead of the deprecated python-python-memcached. This is the module used in Django since 3.2 https://docs.djangoproject.com/en/3.2/releases/3.2/#pymemcache-support
* Tue Dec 06 2022 Alberto Planas Dominguez - Update to 4.1.4 + Fixed a regression in Django 4.1 that caused an unnecessary table rebuild when adding a ManyToManyField on SQLite + Fixed a bug in Django 4.1 that caused a crash of the sitemap index view with an empty Sitemap.items() and a callable lastmod + Fixed a bug in Django 4.1 that caused a crash using acreate(), aget_or_create(), and aupdate_or_create() asynchronous methods of related managers + Fixed a bug in Django 4.1 that caused a crash of QuerySet.bulk_create() with \"pk\" in unique_fields + Fixed a bug in Django 4.1 that caused a crash of QuerySet.bulk_create() on fields with db_column
* Wed Nov 02 2022 Alberto Planas Dominguez - Update to 4.1.3 + Fixed a bug in Django 4.1 that caused non-Python files created by startproject and startapp management commands from custom templates to be incorrectly formatted using the black command
* Tue Oct 04 2022 Alberto Planas Dominguez - Update to 4.1.2 (bsc#1203793, CVE-2022-41323) + Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL when adding a model with ExclusionConstraint + Fixed a regression in Django 4.1 that caused aggregation over a queryset that contained an Exists annotation to crash due to too many selected columns + Fixed a bug in Django 4.1 that caused an incorrect validation of CheckConstraint on NULL values + Fixed a regression in Django 4.1 that caused a QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg() + Fixed a bug in Django 4.1 that caused ModelAdmin.autocomplete_fields to be incorrectly selected after adding/changing related instances via popups + Fixed a regression in Django 4.1 where the app registry was not populated when running parallel tests with the multiprocessing start method spawn + Fixed a regression in Django 4.1 where the --debug-mode argument to test did not work when running parallel tests with the multiprocessing start method spawn + Fixed a regression in Django 4.1 that didn’t alter a sequence type when altering type of pre-Django 4.1 serial columns on PostgreSQL + Fixed a regression in Django 4.1 that caused a crash for View subclasses with asynchronous handlers when handling non-allowed HTTP methods + Reverted caching related managers for ForeignKey, ManyToManyField, and GenericRelation that caused the incorrect refreshing of related objects + Relaxed the system check added in Django 4.1 for the same name used for multiple template tag modules to a warning
* Mon Sep 05 2022 Alberto Planas Dominguez - Update to 4.1.1 + Reallowed, following a regression in Django 4.1, using GeoIP2() when GEOS is not installed + Fixed a regression in Django 4.1 that caused a crash of admin’s autocomplete widgets when translations are deactivated + Fixed a regression in Django 4.1 that caused a crash of the test management command when running in parallel and multiprocessing start method is spawn + Fixed a regression in Django 4.1 that caused an incorrect redirection to the admin changelist view when using \"Save and continue editing\" and \"Save and add another\" options + Fixed a regression in Django 4.1 that caused a crash of Window expressions with ArrayAgg + Fixed a regression in Django 4.1 that caused a migration crash on SQLite 3.35.5+ when removing an indexed field + Fixed a bug in Django 4.1 that caused a crash of model validation on UniqueConstraint() with field names in expressions + Fixed a bug in Django 4.1 that caused an incorrect validation of CheckConstraint() with range fields on PostgreSQL + Fixed a regression in Django 4.1 that caused an incorrect migration when adding AutoField, BigAutoField, or SmallAutoField on PostgreSQL + Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL when altering AutoField, BigAutoField, or SmallAutoField to OneToOneField + Fixed a migration crash on ManyToManyField fields with through referencing models in different apps + Fixed a regression in Django 4.1 that caused an incorrect migration when renaming a model with ManyToManyField and db_table + Reallowed, following a regression in Django 4.1, creating reverse foreign key managers on unsaved instances + Fixed a regression in Django 4.1 that caused a migration crash on SQLite < 3.20 + Fixed a regression in Django 4.1 that caused an admin crash when the admindocs app was used- Remove 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch (already upstream)- Verify the tarball with gpg
* Wed Aug 03 2022 Alberto Planas Dominguez - Update to 4.1: This is just a summary. Full release notes are available at https://docs.djangoproject.com/en/4.1/releases/4.1/ + Django 4.1 supports Python 3.8, 3.9, and 3.10 + Asynchronous handlers for class-based views + Asynchronous ORM interface + Validation of Constraints + Form rendering accessibility + CSRF_COOKIE_MASKED setting- Drop fix_test_custom_fields_SQLite.patch (already merged)- Add 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch to fix test
* Wed Aug 03 2022 Alberto Planas Dominguez - Update to 4.0.7 (CVE-2022-36359, bsc#1201923): + Django 4.0.7 fixes a security issue with severity “high” in 4.0.6.
* Tue Jul 05 2022 Alberto Planas Dominguez - Update to 4.0.6 + CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
* Thu Jun 02 2022 Alberto Planas Dominguez - Update to 4.0.5 + Fixed a bug in Django 4.0 where not all OPTIONS were passed to a Redis client + Fixed a bug in Django 4.0 that caused a crash of QuerySet.filter() on IsNull() expressions + Fixed a bug in Django 4.0 where a hidden quick filter toolbar in the admin’s navigation sidebar was focusable
* Mon Apr 11 2022 Alberto Planas Dominguez - Update to 4.0.4 + CVE-2022-28346: Potential SQL injection in \"QuerySet.annotate()\", \"aggregate()\", and \"extra()\" + CVE-2022-28347: Potential SQL injection via \"QuerySet.explain(
*
*options)\" on PostgreSQL
* Tue Mar 01 2022 Alberto Planas Dominguez - Update to 4.0.3 + Prevented, following a regression in Django 4.0.1, makemigrations from generating infinite migrations for a model with ManyToManyField to a lowercased swappable model such as \'auth.user\' + Fixed a regression in Django 4.0 that caused a crash when rendering invalid inlines with readonly_fields in the admin
* Tue Feb 01 2022 Alberto Planas Dominguez - Update to 4.0.2 (CVE-2022-22818, bsc#1195086) (CVE-2022-23833, bsc#1195088) + CVE-2022-22818: Possible XSS via {% debug %} template tag + CVE-2022-23833: Denial-of-service possibility in file uploads + Fixed a bug in Django 4.0 where TestCase.captureOnCommitCallbacks() could execute callbacks multiple times + Fixed a regression in Django 4.0 where help_text was HTML-escaped in automatically-generated forms + Fixed a regression in Django 4.0 that caused displaying an incorrect name for class-based views on the technical 404 debug page + Fixed a regression in Django 4.0 that caused an incorrect repr of ResolverMatch for class-based views + Fixed a regression in Django 4.0 that caused a crash of makemigrations on models without Meta.order_with_respect_to but with a field named _order + Fixed a regression in Django 4.0 that caused incorrect ModelAdmin.radio_fields layout in the admin + Fixed a duplicate operation regression in Django 4.0 that caused a migration crash when altering a primary key type for a concrete parent model referenced by a foreign key + Fixed a bug in Django 4.0 that caused a crash of QuerySet.aggregate() after annotate() on an aggregate function with a default + Fixed a regression in Django 4.0 that caused a crash of makemigrations when renaming a field of a renamed model
* Wed Jan 12 2022 Matej Cepl - Add fix_test_custom_fields_SQLite.patch fixing issues with modern SQLite (gh#django/django#15168).
* Mon Jan 10 2022 Alberto Planas Dominguez - Update to 4.0.1 (CVE-2021-45115, CVE-2021-45452, bsc#1194117) + CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator + CVE-2021-45452: Potential directory-traversal via Storage.save() + Fixed a regression in Django 4.0 that caused a crash of assertFormsetError() on a formset named form + Fixed a bug in Django 4.0 that caused a crash on booleans with the RedisCache backend + Relaxed the check added in Django 4.0 to reallow use of a duck-typed HttpRequest in django.views.decorators.cache.cache_control() and never_cache() decorators + Fixed a regression in Django 4.0 that caused creating bogus migrations for models that reference swappable models such as auth.User + Fixed a long standing bug in Geometry Collections and Polygon that caused a crash on some platforms (reported on macOS based on the ARM64 architecture)
  
ICM