Workflow

Django

Latest version: v5.0.4

Safety actively analyzes 619345 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 30 of 52

1.11.9

Not secure
===========================

*January 1, 2018*

Django 1.11.9 fixes several bugs in 1.11.8.

Bugfixes
========

* Fixed a regression in Django 1.11 that added newlines between ``MultiWidget``'s
subwidgets (:ticket:`28890`).

* Fixed incorrect class-based model index name generation for models with
quoted ``db_table`` (:ticket:`28876`).

* Fixed incorrect foreign key constraint name for models with quoted
``db_table`` (:ticket:`28876`).

* Fixed a regression in caching of a ``GenericForeignKey`` when the referenced
model instance uses more than one level of multi-table inheritance
(:ticket:`28856`).


===========================

1.11.8

Not secure
===========================

*December 2, 2017*

Django 1.11.8 fixes several bugs in 1.11.7.

Bugfixes
========

* Reallowed, following a regression in Django 1.10, ``AuthenticationForm`` to
raise the inactive user error when using ``ModelBackend`` (:ticket:`28645`).

* Added support for ``QuerySet.values()`` and ``values_list()`` for
``union()``, ``difference()``, and ``intersection()`` queries
(:ticket:`28781`).

* Fixed incorrect index name truncation when using a namespaced ``db_table``
(:ticket:`28792`).

* Made ``QuerySet.iterator()`` use server-side cursors on PostgreSQL after
``values()`` and ``values_list()`` (:ticket:`28817`).

* Fixed crash on SQLite and MySQL when ordering by a filtered subquery that
uses ``nulls_first`` or ``nulls_last`` (:ticket:`28848`).

* Made query lookups for ``CICharField``, ``CIEmailField``, and ``CITextField``
use a ``citext`` cast (:ticket:`28702`).

* Fixed a regression in caching of a ``GenericForeignKey`` when the referenced
model instance uses multi-table inheritance (:ticket:`28856`).

* Fixed "Cannot change column 'x': used in a foreign key constraint" crash on
MySQL with a sequence of ``AlterField`` and/or ``RenameField`` operations in
a migration (:ticket:`28305`).


===========================

1.11.7

Not secure
===========================

*November 1, 2017*

Django 1.11.7 fixes several bugs in 1.11.6.

Bugfixes
========

* Prevented ``cache.get_or_set()`` from caching ``None`` if the ``default``
argument is a callable that returns ``None`` (:ticket:`28601`).

* Fixed the Basque ``DATE_FORMAT`` string (:ticket:`28710`).

* Made ``QuerySet.reverse()`` affect ``nulls_first`` and ``nulls_last``
(:ticket:`28722`).

* Fixed unquoted table names in ``Subquery`` SQL when using ``OuterRef``
(:ticket:`28689`).


===========================

1.11.6

Not secure
===========================

*October 5, 2017*

Django 1.11.6 fixes several bugs in 1.11.5.

Bugfixes
========

* Made the ``CharField`` form field convert whitespace-only values to the
``empty_value`` when ``strip`` is enabled (:ticket:`28555`).

* Fixed crash when using the name of a model's autogenerated primary key
(``id``) in an ``Index``'s ``fields`` (:ticket:`28597`).

* Fixed a regression in Django 1.9 where a custom view error handler such as
``handler404`` that accesses ``csrf_token`` could cause CSRF verification
failures on other pages (:ticket:`28488`).


===========================

1.11.5

Not secure
===========================

*September 5, 2017*

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
=============================================================================

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with ``DEBUG = True`` (which makes
this page accessible) in your production settings.

Bugfixes
========

* Fixed GEOS version parsing if the version has a commit hash at the end (new
in GEOS 3.6.2) (:ticket:`28441`).

* Added compatibility for ``cx_Oracle`` 6 (:ticket:`28498`).

* Fixed select widget rendering when option values are tuples (:ticket:`28502`).

* Django 1.11 inadvertently changed the sequence and trigger naming scheme on
Oracle. This causes errors on INSERTs for some tables if
``'use_returning_into': False`` is in the ``OPTIONS`` part of ``DATABASES``.
The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
upgrade script in :ticket:`28451` comment 8 to update sequence and trigger
names to use the pre-1.11 naming scheme.

* Added POST request support to ``LogoutView``, for equivalence with the
function-based ``logout()`` view (:ticket:`28513`).

* Omitted ``pages_per_range`` from ``BrinIndex.deconstruct()`` if it's ``None``
(:ticket:`25809`).

* Fixed a regression where ``SelectDateWidget`` localized the years in the
select box (:ticket:`28530`).

* Fixed a regression in 1.11.4 where ``runserver`` crashed with non-Unicode
system encodings on Python 2 + Windows (:ticket:`28487`).

* Fixed a regression in Django 1.10 where changes to a ``ManyToManyField``
weren't logged in the admin change history (:ticket:`27998`) and prevented
``ManyToManyField`` initial data in model forms from being affected by
subsequent model changes (:ticket:`28543`).

* Fixed non-deterministic results or an ``AssertionError`` crash in some
queries with multiple joins (:ticket:`26522`).

* Fixed a regression in ``contrib.auth``'s ``login()`` and ``logout()`` views
where they ignored positional arguments (:ticket:`28550`).


===========================

1.11.4

Not secure
===========================

*August 1, 2017*

Django 1.11.4 fixes several bugs in 1.11.3.

Bugfixes
========

* Fixed a regression in 1.11.3 on Python 2 where non-ASCII ``format`` values
for date/time widgets results in an empty ``value`` in the widget's HTML
(:ticket:`28355`).

* Fixed ``QuerySet.union()`` and ``difference()`` when combining with
a queryset raising ``EmptyResultSet`` (:ticket:`28378`).

* Fixed a regression in pickling of ``LazyObject`` on Python 2 when the wrapped
object doesn't have ``__reduce__()`` (:ticket:`28389`).

* Fixed crash in ``runserver``'s ``autoreload`` with Python 2 on Windows with
non-``str`` environment variables (:ticket:`28174`).

* Corrected ``Field.has_changed()`` to return ``False`` for disabled form
fields: ``BooleanField``, ``MultipleChoiceField``, ``MultiValueField``,
``FileField``, ``ModelChoiceField``, and ``ModelMultipleChoiceField``.

* Fixed ``QuerySet.count()`` for ``union()``, ``difference()``, and
``intersection()`` queries. (:ticket:`28399`).

* Fixed ``ClearableFileInput`` rendering as a subwidget of ``MultiWidget``
(:ticket:`28414`). Custom ``clearable_file_input.html`` widget templates
will need to adapt for the fact that context values
``checkbox_name``, ``checkbox_id``, ``is_initial``, ``input_text``,
``initial_text``, and ``clear_checkbox_label`` are now attributes of
``widget`` rather than appearing in the top-level context.

* Fixed queryset crash when using a ``GenericRelation`` to a proxy model
(:ticket:`28418`).


===========================

Page 30 of 52

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.