Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next 2024-02-16T15:37:31+00:00 2024-02-16T15:37:31+00:00 Fathi Boudra fathi.boudra@linaro.org 2024-02-16T10:42:03+00:00 urn:sha1:6be4e223cb7d71dabe6fdcaa3b0f622b1c8df741 Django 4.0.x is no longer supported since April 2023. Upgrade to the latest 4.x LTS release. Fixes CVEs: CVE-2024-24680: Potential denial-of-service in intcomma template filter CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2022-08-24T02:12:52+00:00 Jagadeesh Krishnanjanappa workjagadeesh@gmail.com 2022-08-23T17:26:02+00:00 urn:sha1:ae8974f6baab6d5897b758fdfe99bef4bdc5fa2b Add runtime dependency on python3-asgiref as the "django-admin" script needs asgiref module. More info: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14888 Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2022-03-15T19:34:22+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2022-03-14T16:44:10+00:00 urn:sha1:4c1e31f90696cac73516210bc2eed39cc45ecd62 4.0.2 fixes CVE-2022-22818 and CVE-2022-23833. See: https://docs.djangoproject.com/en/dev/releases/4.0.2/ Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: tgamblin <trevor.gamblin@windriver.com>