linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-django_2.2.25.bb, branch mickledore-next
Mirror of git.openembedded.org/meta-openembedded
https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=mickledore-next
2022-01-10T18:34:34+00:00
python3-django: upgrade 2.2.25 -> 2.2.26
2022-01-10T18:34:34+00:00
Trevor Gamblin
trevor.gamblin@windriver.com
2022-01-07T18:52:14+00:00
urn:sha1:280195a1098f7b18c0d3eea1ff8da987f6ff523a
2.2.26 provides fixes for three CVEs:
CVE-2021-45115
CVE-2021-45116
CVE-2021-45452
https://docs.djangoproject.com/en/4.0/releases/2.2.26/
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
python3-django: upgrade 2.2.24 -> 2.2.25
2021-12-16T16:14:04+00:00
Xu Huan
xuhuan.fnst@fujitsu.com
2021-12-15T09:48:27+00:00
urn:sha1:eaacb6321cdcd511dddbcffaaf664eff1b384aa5
changelog:
================================================================================
Django 2.2.25 fixes a security issue with severity "low" in 2.2.24.
CVE-2021-44420: Potential bypass of an upstream access control based on URL paths
=================================================================================
HTTP requests for URLs with trailing newlines could bypass an upstream access
control based on URL paths.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>