Django

Latest version: v5.0.3

Safety actively analyzes 613822 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 25 of 52

2.0.9

Not secure
==========================

*October 1, 2018*

Django 2.0.9 fixes a data loss bug in 2.0.8.

Bugfixes
========

* Fixed a race condition in ``QuerySet.update_or_create()`` that could result
in data loss (:ticket:`29499`).


==========================

2.0.8

Not secure
==========================

*August 1, 2018*

Django 2.0.8 fixes a security issue and several bugs in 2.0.7.

CVE-2018-14574: Open redirect possibility in ``CommonMiddleware``
=================================================================

If the :class:`~django.middleware.common.CommonMiddleware` and the
:setting:`APPEND_SLASH` setting are both enabled, and if the project has a
URL pattern that accepts any path ending in a slash (many content management
systems have such a pattern), then a request to a maliciously crafted URL of
that site could lead to a redirect to another site, enabling phishing and other
attacks.

``CommonMiddleware`` now escapes leading slashes to prevent redirects to other
domains.

Bugfixes
========

* Fixed a regression in Django 2.0.7 that broke the ``regex`` lookup on MariaDB
(even though MariaDB isn't officially supported) (:ticket:`29544`).

* Fixed a regression where ``django.template.Template`` crashed if the
``template_string`` argument is lazy (:ticket:`29617`).


==========================

2.0.7

Not secure
==========================

*July 2, 2018*

Django 2.0.7 fixes several bugs in 2.0.6.

Bugfixes
========

* Fixed admin changelist crash when using a query expression without ``asc()``
or ``desc()`` in the page's ordering (:ticket:`29428`).

* Fixed admin check crash when using a query expression in
``ModelAdmin.ordering`` (:ticket:`29428`).

* Fixed ``__regex`` and ``__iregex`` lookups with MySQL 8 (:ticket:`29451`).

* Fixed migrations crash with namespace packages on Python 3.7
(:ticket:`28814`).


==========================

2.0.6

Not secure
==========================

*June 1, 2018*

Django 2.0.6 fixes several bugs in 2.0.5.

Bugfixes
========

* Fixed a regression that broke custom template filters that use decorators
(:ticket:`29400`).

* Fixed detection of custom URL converters in included patterns
(:ticket:`29415`).

* Fixed a regression that added an unnecessary subquery to the ``GROUP BY``
clause on MySQL when using a ``RawSQL`` annotation (:ticket:`29416`).

* Fixed ``WKBWriter.write()`` and ``write_hex()`` for empty polygons on
GEOS 3.6.1+ (:ticket:`29460`).

* Fixed a regression in Django 1.10 that could result in large memory usage
when making edits using ``ModelAdmin.list_editable`` (:ticket:`28462`).


==========================

2.0.5

Not secure
==========================

*May 1, 2018*

Django 2.0.5 fixes several bugs in 2.0.4.

Bugfixes
========

* Corrected the import paths that ``inspectdb`` generates for
``django.contrib.postgres`` fields (:ticket:`29307`).

* Fixed a regression in Django 1.11.8 where altering a field with a unique
constraint may drop and rebuild more foreign keys than necessary
(:ticket:`29193`).

* Fixed crashes in ``django.contrib.admindocs`` when a view is a callable
object, such as ``django.contrib.syndication.views.Feed`` (:ticket:`29296`).

* Fixed a regression in Django 2.0.4 where ``QuerySet.values()`` or
``values_list()`` after combining an annotated and unannotated queryset with
``union()``, ``difference()``, or ``intersection()`` crashed due to mismatching
columns (:ticket:`29286`).


==========================

2.0.4

Not secure
==========================

*April 2, 2018*

Django 2.0.4 fixes several bugs in 2.0.3.

Bugfixes
========

* Fixed a crash when filtering with an ``Exists()`` annotation of a queryset
containing a single field (:ticket:`29195`).

* Fixed admin autocomplete widget's translations for ``zh-hans`` and
``zh-hant`` languages (:ticket:`29213`).

* Corrected admin's autocomplete widget to add a space after custom classes
(:ticket:`29221`).

* Fixed ``PasswordResetConfirmView`` crash when using a user model with a
``UUIDField`` primary key and the reset URL contains an encoded primary key
value that decodes to an invalid UUID (:ticket:`29206`).

* Fixed a regression in Django 1.11.8 where combining two annotated
``values_list()`` querysets with ``union()``, ``difference()``, or
``intersection()`` crashed due to mismatching columns (:ticket:`29229`).

* Fixed a regression in Django 1.11 where an empty choice could be initially
selected for the ``SelectMultiple`` and ``CheckboxSelectMultiple`` widgets
(:ticket:`29273`).

* Fixed a regression in Django 2.0 where ``OpenLayersWidget`` deserialization
ignored the widget map's SRID and assumed 4326 (WGS84) (:ticket:`29116`).


==========================

Page 25 of 52

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.