linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-django_3.2.10.bb, branch yoe/mut Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=yoe%2Fmut 2022-01-10T18:34:34+00:00 python3-django: upgrade 3.2.10 -> 3.2.11 2022-01-10T18:34:34+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2022-01-07T18:52:15+00:00 urn:sha1:6e166d723b1b40079bcdf7ff329aa3c4f9b85c67 3.2.11 provides fixes for three CVEs: CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 https://docs.djangoproject.com/en/4.0/releases/3.2.11/ Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> python3-django: upgrade 3.2.5 -> 3.2.10 2021-12-22T02:47:47+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2021-12-20T14:27:38+00:00 urn:sha1:446a503acf6854b3357571044f396e6815f6bd9e From the release notes page (https://docs.djangoproject.com/en/4.0/releases/3.2.10/): Django 3.2.10 fixes a security issue with severity “low” and a bug in 3.2.9. CVE-2021-44420: Potential bypass of an upstream access control based on URL paths HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths. Bugfixes Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with BinaryField on PostgreSQL, which is memoryview-backed (#33333). Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10. Bugfixes Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering a field with a functional index (#33194). Django 3.2.8 fixes two bugs in 3.2.7. Bugfixes Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin (#33077). Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view (#33083). Django 3.2.7 fixes a bug in 3.2.6. Bugfixes Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones (#32992). Django 3.2.6 fixes several bugs in 3.2.5. Bugfixes Fixed a regression in Django 3.2 that caused a crash validating "NaN" input with a forms.DecimalField when additional constraints, e.g. max_value, were specified (#32949). Fixed a bug in Django 3.2 where a system check would crash on a model with a reverse many-to-many relation inherited from a parent class (#32947). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>