Workflow

Django

Latest version: v5.0.4

Safety actively analyzes 621363 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 5 of 52

4.1.6

Not secure
==========================

*February 1, 2023*

Django 4.1.6 fixes a security issue with severity "moderate" and a bug in
4.1.5.

CVE-2023-23969: Potential denial-of-service via ``Accept-Language`` headers
===========================================================================

The parsed values of ``Accept-Language`` headers are cached in order to avoid
repetitive parsing. This leads to a potential denial-of-service vector via
excessive memory usage if large header values are sent.

In order to avoid this vulnerability, the ``Accept-Language`` header is now
parsed up to a maximum length.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused a crash of model validation on
``UniqueConstraint`` with ordered expressions (:ticket:`34291`).


==========================

4.1.5

Not secure
==========================

*January 2, 2023*

Django 4.1.5 fixes a bug in 4.1.4. Also, the latest string translations from
Transifex are incorporated.

Bugfixes
========

* Fixed a long standing bug in the ``__len`` lookup for ``ArrayField`` that
caused a crash of model validation on
:attr:`Meta.constraints <django.db.models.Options.constraints>`
(:ticket:`34205`).


==========================

4.1.4

Not secure
==========================

*December 6, 2022*

Django 4.1.4 fixes several bugs in 4.1.3.

Bugfixes
========

* Fixed a regression in Django 4.1 that caused an unnecessary table rebuild
when adding a ``ManyToManyField`` on SQLite (:ticket:`34138`).

* Fixed a bug in Django 4.1 that caused a crash of the sitemap index view with
an empty :meth:`Sitemap.items() <django.contrib.sitemaps.Sitemap.items>` and
a callable :attr:`~django.contrib.sitemaps.Sitemap.lastmod`
(:ticket:`34088`).

* Fixed a bug in Django 4.1 that caused a crash using ``acreate()``,
``aget_or_create()``, and ``aupdate_or_create()`` asynchronous methods of
related managers (:ticket:`34139`).

* Fixed a bug in Django 4.1 that caused a crash of ``QuerySet.bulk_create()``
with ``"pk"`` in ``unique_fields`` (:ticket:`34177`).

* Fixed a bug in Django 4.1 that caused a crash of ``QuerySet.bulk_create()``
on fields with ``db_column`` (:ticket:`34171`).


==========================

4.1.3

Not secure
==========================

*November 1, 2022*

Django 4.1.3 fixes a bug in 4.1.2 and adds compatibility with Python 3.11.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused non-Python files created by
``startproject`` and ``startapp`` management commands from custom templates
to be incorrectly formatted using the ``black`` command (:ticket:`34085`).


==========================

4.1.2

Not secure
==========================

*October 4, 2022*

Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
4.1.1.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
===================================================================================

Internationalized URLs were subject to potential denial of service attack via
the locale parameter.

Bugfixes
========

* Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
when adding a model with ``ExclusionConstraint`` (:ticket:`33982`).

* Fixed a regression in Django 4.1 that caused aggregation over a queryset that
contained an ``Exists`` annotation to crash due to too many selected columns
(:ticket:`33992`).

* Fixed a bug in Django 4.1 that caused an incorrect validation of
``CheckConstraint`` on ``NULL`` values (:ticket:`33996`).

* Fixed a regression in Django 4.1 that caused a
``QuerySet.values()/values_list()`` crash on ``ArrayAgg()`` and
``JSONBAgg()`` (:ticket:`34016`).

* Fixed a bug in Django 4.1 that caused :attr:`.ModelAdmin.autocomplete_fields`
to be incorrectly selected after adding/changing related instances via popups
(:ticket:`34025`).

* Fixed a regression in Django 4.1 where the app registry was not populated
when running parallel tests with the ``multiprocessing`` start method
``spawn`` (:ticket:`34010`).

* Fixed a regression in Django 4.1 where the ``--debug-mode`` argument to
``test`` did not work when running parallel tests with the
``multiprocessing`` start method ``spawn`` (:ticket:`34010`).

* Fixed a regression in Django 4.1 that didn't alter a sequence type when
altering type of pre-Django 4.1 serial columns on PostgreSQL
(:ticket:`34058`).

* Fixed a regression in Django 4.1 that caused a crash for :class:`View`
subclasses with asynchronous handlers when handling non-allowed HTTP methods
(:ticket:`34062`).

* Reverted caching related managers for ``ForeignKey``, ``ManyToManyField``,
and ``GenericRelation`` that caused the incorrect refreshing of related
objects (:ticket:`33984`).

* Relaxed the system check added in Django 4.1 for the same name used for
multiple template tag modules to a warning (:ticket:`32987`).


==========================

4.1.1

Not secure
==========================

*September 5, 2022*

Django 4.1.1 fixes several bugs in 4.1.

Bugfixes
========

* Reallowed, following a regression in Django 4.1, using ``GeoIP2()`` when GEOS
is not installed (:ticket:`33886`).

* Fixed a regression in Django 4.1 that caused a crash of admin's autocomplete
widgets when translations are deactivated (:ticket:`33888`).

* Fixed a regression in Django 4.1 that caused a crash of the ``test``
management command when running in parallel and ``multiprocessing`` start
method is ``spawn`` (:ticket:`33891`).

* Fixed a regression in Django 4.1 that caused an incorrect redirection to the
admin changelist view when using *"Save and continue editing"* and *"Save and
add another"* options (:ticket:`33893`).

* Fixed a regression in Django 4.1 that caused a crash of
:class:`~django.db.models.expressions.Window` expressions with
:class:`~django.contrib.postgres.aggregates.ArrayAgg` (:ticket:`33898`).

* Fixed a regression in Django 4.1 that caused a migration crash on SQLite
3.35.5+ when removing an indexed field (:ticket:`33899`).

* Fixed a bug in Django 4.1 that caused a crash of model validation on
``UniqueConstraint()`` with field names in ``expressions`` (:ticket:`33902`).

* Fixed a bug in Django 4.1 that caused an incorrect validation of
``CheckConstraint()`` with range fields on PostgreSQL (:ticket:`33905`).

* Fixed a regression in Django 4.1 that caused an incorrect migration when
adding ``AutoField``, ``BigAutoField``, or ``SmallAutoField`` on PostgreSQL
(:ticket:`33919`).

* Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
when altering ``AutoField``, ``BigAutoField``, or ``SmallAutoField`` to
``OneToOneField`` (:ticket:`33932`).

* Fixed a migration crash on ``ManyToManyField`` fields with ``through``
referencing models in different apps (:ticket:`33938`).

* Fixed a regression in Django 4.1 that caused an incorrect migration when
renaming a model with ``ManyToManyField`` and ``db_table`` (:ticket:`33953`).

* Reallowed, following a regression in Django 4.1, creating reverse foreign key
managers on unsaved instances (:ticket:`33952`).

* Fixed a regression in Django 4.1 that caused a migration crash on SQLite <
3.20 (:ticket:`33960`).

* Fixed a regression in Django 4.1 that caused an admin crash when the
:mod:`~django.contrib.admindocs` app was used (:ticket:`33955`,
:ticket:`33971`).


========================

Page 5 of 52

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.