- Update to 6.0.3
* CVE-2026-25674: Potential incorrect permissions on newly created
file system objects (bsc#1259142)
* Fixed NameError when inspecting functions making use of deferred
annotations in Python 3.14
* Fixed AttributeError when subclassing builtin lookups and neglecting
to override as_sql() to accept any sequence
* Fixed TypeError when deprecation warnings are emitted in environments
importing Django by namespace
* Fixed a visual regression where fieldset legends were misaligned
in the admin
* Prevented the django.tasks.signals.task_finished signal from writing
extraneous log messages when no exceptions are encountered
OBS-URL: https://build.opensuse.org/request/show/1336307
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django6?expand=0&rev=4
* CVE-2026-25674: Potential incorrect permissions on newly created
file system objects (bsc#1259142)
* Fixed NameError when inspecting functions making use of deferred
annotations in Python 3.14
* Fixed AttributeError when subclassing builtin lookups and neglecting
to override as_sql() to accept any sequence
* Fixed TypeError when deprecation warnings are emitted in environments
importing Django by namespace
* Fixed a visual regression where fieldset legends were misaligned
in the admin
* Prevented the django.tasks.signals.task_finished signal from writing
extraneous log messages when no exceptions are encountered
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django6?expand=0&rev=10
- Update to 6.0.2
* CVE-2025-13473: Username enumeration through timing difference
in mod_wsgi authentication handler (bsc#1257401)
* CVE-2025-14550: Potential denial-of-service vulnerability via
repeated headers when using ASGI (bsc#1257403)
* CVE-2026-1207: Potential SQL injection via raster lookups on
PostGIS (bsc#1257405)
* CVE-2026-1285: Potential denial-of-service vulnerability in
django.utils.text.Truncator HTML methods (bsc#1257406)
* CVE-2026-1287: Potential SQL injection in column aliases via
control characters (bsc#1257407)
* CVE-2026-1312: Potential SQL injection via QuerySet.order_by
and FilteredRelation (bsc#1257408)
* Fixed a visual regression in Django 6.0 that caused the admin
filter sidebar to wrap below the changelist when filter elements
contained long text
* Fixed a visual regression in Django 6.0 for admin form fields
grouped under a <fieldset> aligned horizontally
* Fixed a regression in Django 6.0 where auto_now_add field values
were not populated during INSERT operations, due to incorrect
parameters passed to field.pre_save()
OBS-URL: https://build.opensuse.org/request/show/1330888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django6?expand=0&rev=8
- Update to 6.0.1
* Fixed a bug in Django 5.2 where data exceeding max_length was
silently truncated by QuerySet.bulk_create() on PostgreSQL
* Fixed a regression in Django 6.0 where querystring mishandled
multi-value QueryDict keys, both by only preserving the last
value and by incorrectly handling None values
* Fixed a regression in Django 6.0 that prevented changing the name
of a ManyToManyField from taking effect when applying migrations
* Fixed a bug where management command colorized help (introduced in
Python 3.14) ignored the --no-color option and the DJANGO_COLORS
setting
* Fixed a regression in Django 6.0 that caused bulk_create() to
crash when introspecting the connection on SQLite
* Fixed a visual regression in Django 6.0 for admin form fields
grouped under a <fieldset> in Safari
* Fixed a crash in Django 6.0 caused by infinite recursion when
calling repr() on an unevaluated django.utils.csp.LazyNonce
instance
* Fixed a regression in Django 6.0 where path() routes defined using
gettext_lazy() failed to resolve correctly
* Fixed a regression in Django 6.0 where the Widget.use_fieldset
attribute of ClearableFileInput was flipped from False to True
* Reverted an undocumented optimization in Django 6.0 that modified
permission name and codename values when renaming models via a
migration
- Drop merged test_strip_tags_incomplete.patch
OBS-URL: https://build.opensuse.org/request/show/1326320
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django6?expand=0&rev=6
