PyPi: Machado

CVE-2020-24584

Transitive

Safety vulnerability ID: 50707

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 01, 2020 Updated at Nov 07, 2023

Advisory

Machado 0.4.0 updates its dependency 'Django' to v3.2.14 to include security fixes.

Affected package

machado

Latest version: 0.5.0

This library provides users with a framework to store, search and visualize biological data.

Affected versions

Fixed versions

Vulnerability changelog

https://pypi.org/project/machado/


Release Notes

Improvements
- API: retrieves API examples from the settings.py file
- feature page: includes a single fixed submit button
- feature page: loads expression data from the API and renders in a dynamic table
- JBrowse: adds SNV tracks and additional description to features
- search index: allows finding features based on overlapping features' uniquename
- search index: adds feature name and dbxrefs to the index
- data loading: defines the valid_types in the settings file
- data loading: refactoring -> creates a class to handle feature attributes
- data loading: update regex to handle uncommon dbxrefs like Gene3D:G3DSA:3.30.920.10
- data loading: updates to handle multiple feature annotation attributes
- data loading: adds the option DOI to the load_feature_annotation command
- general: updates retrieve_feature_id to identify soterm-accession
- general: distinguish infraspecific name throughout the code
- general: performance improvements

Fixes
- API: fixes drf-yasg securityDefinition



What's Changed
* retrieves API examples from the settings.py file by azneto in https://github.com/lmb-embrapa/machado/pull/290
* fixes drf-yasg securityDefinition by azneto in https://github.com/lmb-embrapa/machado/pull/291
* species name in italics by azneto in https://github.com/lmb-embrapa/machado/pull/293
* upgrades to django 3.1.7 and updates the docs by azneto in https://github.com/lmb-embrapa/machado/pull/295
* includes a single fixed submit button in replacement for several appl… by azneto in https://github.com/lmb-embrapa/machado/pull/296
* includes a single fixed submit button in replacement for several appl… by azneto in https://github.com/lmb-embrapa/machado/pull/297
* defines the valid_types in the settings file and by azneto in https://github.com/lmb-embrapa/machado/pull/298
* adds accession to jbrowse tracks and includes feature.name, feature.uniquename, and overlapping_features.uniquename to the text search by azneto in https://github.com/lmb-embrapa/machado/pull/299
* Bump django from 3.1.7 to 3.1.8 by dependabot in https://github.com/lmb-embrapa/machado/pull/302
* feature.js publication corrections by mmudado in https://github.com/lmb-embrapa/machado/pull/304
* search_indexes: performance tweak and error handling by azneto in https://github.com/lmb-embrapa/machado/pull/305
* creates a class feature_attribute and configures it to handle QTLDB.gff files. by azneto in https://github.com/lmb-embrapa/machado/pull/307
* assay.py implemented get_or_create for assay_prop by mmudado in https://github.com/lmb-embrapa/machado/pull/306
* exclude feature annotation of overlapping features of the same type by azneto in https://github.com/lmb-embrapa/machado/pull/308
* handles the DOI attribute by azneto in https://github.com/lmb-embrapa/machado/pull/309
* fix obj.name == None by azneto in https://github.com/lmb-embrapa/machado/pull/310
* modify search to run partial searches rather than starts_with searches by azneto in https://github.com/lmb-embrapa/machado/pull/311
* updates retrieve_feature_id to ignore case by azneto in https://github.com/lmb-embrapa/machado/pull/313
* adds dbxrefs to the elasticsearch index by azneto in https://github.com/lmb-embrapa/machado/pull/314
* updates index to ignore case and the prefix of dbxrefs by azneto in https://github.com/lmb-embrapa/machado/pull/315
* updates searches to Raw by azneto in https://github.com/lmb-embrapa/machado/pull/316
* feature page: loads expression data from the API and renders in a dynamic table by azneto in https://github.com/lmb-embrapa/machado/pull/317
* Indexing improvement by njbooher in https://github.com/lmb-embrapa/machado/pull/318
* updates to handle CNV by azneto in https://github.com/lmb-embrapa/machado/pull/319
* Call init properly by njbooher in https://github.com/lmb-embrapa/machado/pull/320
* updates the Django version and changes the operator to ~= in order to allow compatible versions by azneto in https://github.com/lmb-embrapa/machado/pull/322
* Infraspecific name by njbooher in https://github.com/lmb-embrapa/machado/pull/323
* minor fixes to display empty rather than None by azneto in https://github.com/lmb-embrapa/machado/pull/324
* Handle weird xrefs during loading by njbooher in https://github.com/lmb-embrapa/machado/pull/327
* Upgrade django to 3.2 by njbooher in https://github.com/lmb-embrapa/machado/pull/329
* configures API endpoints to cache results, updates dependencies versions, and updates travis for ubuntu focal by azneto in https://github.com/lmb-embrapa/machado/pull/332
* Bump django from 3.2.10 to 3.2.12 by dependabot in https://github.com/lmb-embrapa/machado/pull/334
* Allows adding DOI to feature_properties and makes DOI searchable by elasticsearch by azneto in https://github.com/lmb-embrapa/machado/pull/336
* minor changes to improve sonarcloud score by azneto in https://github.com/lmb-embrapa/machado/pull/337
* minor changes to improve sonarcloud score by azneto in https://github.com/lmb-embrapa/machado/pull/338
* Bump django from 3.2.12 to 3.2.13 by dependabot in https://github.com/lmb-embrapa/machado/pull/339
* updates django and includes django-haystack to the dependencies by azneto in https://github.com/lmb-embrapa/machado/pull/340
* updates docs to use elasticsearch 7 by azneto in https://github.com/lmb-embrapa/machado/pull/341
* Update to django 3.2.14 by njbooher in https://github.com/lmb-embrapa/machado/pull/342
* new tests for travis CI by azneto in https://github.com/lmb-embrapa/machado/pull/343
* Speed up JBrowse RefSeqs endpoint by njbooher in https://github.com/lmb-embrapa/machado/pull/346


New Contributors
* njbooher made their first contribution in https://github.com/lmb-embrapa/machado/pull/318

**Full Changelog**: https://github.com/lmb-embrapa/machado/compare/v0.3.0...0.4.0


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE