mcalabkova/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity

Accepting request 896895 from home:aplanas:branches:devel:languages:python:django

Browse Source 
- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571)
  + CVE-2021-33203: Potential directory traversal via admindocs
  + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
    since validators accepted leading zeros in IPv4 addresses
  + Fixed a bug in Django 3.2 where a final catch-all view in the
    admin didn’t respect the server-provided value of SCRIPT_NAME when
    redirecting unauthenticated users to the login page
  + Fixed a bug in Django 3.2 where a system check would crash on an
    abstract model
  + Prevented unnecessary initialization of unused caches following a
    regression in Django 3.2
  + Fixed a crash in Django 3.2 that could occur when running mod_wsgi
    with the recommended settings while the Windows colorama library
    was installed
  + Fixed a bug in Django 3.2 that would trigger the auto-reloader for
    template changes when directory paths were specified with strings
  + Fixed a regression in Django 3.2 that caused a crash of
    auto-reloader with AttributeError, e.g. inside a Conda environment
  + Fixed a regression in Django 3.2 that caused a loss of precision
    for operations with DecimalField on MySQL

OBS-URL: https://build.opensuse.org/request/show/896895
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=86
This commit is contained in:
Markéta Machová
2021-06-03 15:42:35 +00:00
committed by Git OBS Bridge
parent 8a94c91b8a
commit 713157e5df
6 changed files with 95 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
python-Django.changes
View File

@@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Jun 2 10:45:01 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571)
+ CVE-2021-33203: Potential directory traversal via admindocs
+ CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
+ Fixed a bug in Django 3.2 where a final catch-all view in the
admin didnt respect the server-provided value of SCRIPT_NAME when
redirecting unauthenticated users to the login page
+ Fixed a bug in Django 3.2 where a system check would crash on an
abstract model
+ Prevented unnecessary initialization of unused caches following a
regression in Django 3.2
+ Fixed a crash in Django 3.2 that could occur when running mod_wsgi
with the recommended settings while the Windows colorama library
was installed
+ Fixed a bug in Django 3.2 that would trigger the auto-reloader for
template changes when directory paths were specified with strings
+ Fixed a regression in Django 3.2 that caused a crash of
auto-reloader with AttributeError, e.g. inside a Conda environment
+ Fixed a regression in Django 3.2 that caused a loss of precision
for operations with DecimalField on MySQL
-------------------------------------------------------------------
Mon May 17 07:37:47 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>