- Update to 6.0.2
* CVE-2025-13473: Username enumeration through timing difference
in mod_wsgi authentication handler (bsc#1257401)
* CVE-2025-14550: Potential denial-of-service vulnerability via
repeated headers when using ASGI (bsc#1257403)
* CVE-2026-1207: Potential SQL injection via raster lookups on
PostGIS (bsc#1257405)
* CVE-2026-1285: Potential denial-of-service vulnerability in
django.utils.text.Truncator HTML methods (bsc#1257406)
* CVE-2026-1287: Potential SQL injection in column aliases via
control characters (bsc#1257407)
* CVE-2026-1312: Potential SQL injection via QuerySet.order_by
and FilteredRelation (bsc#1257408)
* Fixed a visual regression in Django 6.0 that caused the admin
filter sidebar to wrap below the changelist when filter elements
contained long text
* Fixed a visual regression in Django 6.0 for admin form fields
grouped under a <fieldset> aligned horizontally
* Fixed a regression in Django 6.0 where auto_now_add field values
were not populated during INSERT operations, due to incorrect
parameters passed to field.pre_save()
OBS-URL: https://build.opensuse.org/request/show/1330888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django6?expand=0&rev=8