* Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings
raised by cache key validation
* Fixed a regression in Django 3.0.7 that caused a queryset crash
when grouping by a many-to-one relationship
* Reallowed, following a regression in Django 3.0, non-expressions having
a filterable attribute to be used as the right-hand side in queryset filters
* Fixed a regression in Django 3.0.2 that caused a migration crash
on PostgreSQL when adding a foreign key to a model with a namespaced db_table
* Added compatibility for cx_Oracle 8
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=64
- Update to 2.2.8
* CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
* Fixed a data loss possibility in the admin changelist view when a
custom formset’s prefix contains regular expression special
characters, e.g. '$'
* Fixed a regression in Django 2.2.1 that caused a crash when
migrating permissions for proxy models with a multiple database
setup if the default entry was empty
* Fixed a data loss possibility in the select_for_update(). When
using 'self' in the of argument with multi-table inheritance, a
parent model was locked instead of the queryset’s model
- Add patch fix-selenium-test.patch to fix a test when selenium is
missing
OBS-URL: https://build.opensuse.org/request/show/752866
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=45
* Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
* Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
* Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
* Restored the ability to override get_FOO_display() (#30931).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=43
* Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673).
* Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
* Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449).
* Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=38
* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=35
- Update to 2.2.1
* Fixed a regression in Django 2.1 that caused the incorrect quoting
of database user password when using dbshell on Oracle (#30307).
* Added compatibility for psycopg2 2.8 (#30331).
* Fixed a regression in Django 2.2 that caused a crash when loading
the template for the technical 500 debug page (#30324).
* Fixed crash of ordering argument in ArrayAgg and StringAgg when it
contains an expression with params (#30332).
* Fixed a regression in Django 2.2 that caused a single instance
fast-delete to not set the primary key to None (#30330).
* Prevented makemigrations from generating infinite migrations for
check constraints and partial indexes when condition contains a
range object (#30350). Reverted an optimization in Django 2.2
(#29725) that caused the inconsistent behavior of count() and
exists() on a reverse many-to-many relationship with a custom
manager (#30325).
* Fixed a regression in Django 2.2 where Paginator crashes if
object_list is a queryset ordered or aggregated over a nested
JSONField key transform (#30335).
* Fixed a regression in Django 2.2 where IntegerField validation of
database limits crashes if limit_value attribute in a custom
validator is callable (#30328).
* Fixed a regression in Django 2.2 where SearchVector generates SQL
that is not indexable (#30385).
* Fixed a regression in Django 2.2 that caused an exception to be
raised when a custom error handler could not be imported (#30318).
* Relaxed the system check added in Django 2.2 for the admin app’s
dependencies to reallow use of SessionMiddleware subclasses,
rather than requiring django.contrib.sessions to be in
INSTALLED_APPS (#30312).
OBS-URL: https://build.opensuse.org/request/show/701120
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=28
* Corrected packaging error from 2.1.6
* Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well
as the the floatformat, filesizeformat, and intcomma templates
filters – received a Decimal with a large number of digits or a
large exponent, it could lead to significant memory usage
due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted
using scientific notation.
* Made the obj argument of InlineModelAdmin.has_add_permission() optional
to restore backwards compatibility with third-party code that doesn’t
provide it
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=20
* CVE-2019-3498: Content spoofing possibility in the default 404 page
* Fixed compatibility with mysqlclient 1.3.14 (#30013).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop
and rebuild your SQLite database if you applied a migration while using
an older version of Django with SQLite 3.26 or later (#29182).
* Prevented SQLite schema alterations while foreign key checks are enabled
to avoid the possibility of schema corruption (#30023).
* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
where request body data isn’t properly consumed for such
connections (#30015).
* Fixed a regression in Django 2.1.4 where
InlineModelAdmin.has_change_permission() is incorrectly called with
a non-None obj argument during an object add (#30050).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=18
- Update to version 2.1.4
* Corrected the default password list that CommonPasswordValidator uses
by lowercasing all passwords to match the format expected by the validator
* Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in
an attempt to fix a random crash involving LooseVersion
* Fixed keep-alive support in runserver after it was disabled o 2.0
* Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields
* Fixed “Please correct the errors below” error message when editing an object
in the admin if the user only has the “view” permission on inlines
* Fixed a regression in Django 2.0 where combining Q objects with __in lookups
and lists crashed
* Fixed a regression in Django 2.0 where test databases aren’t reused
with manage.py test --keepdb on MySQL
* Fixed a regression where cached foreign keys that use to_field were
incorrectly cleared in Model.save()
* Fixed a regression in Django 2.0 where FileSystemStorage crashes
with FileExistsError if concurrent saves try to create the same directory
OBS-URL: https://build.opensuse.org/request/show/656841
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=16
- Update to version 2.1.2
* CVE-2018-16984: Password hash disclosure to “view only” admin
users
* Fixed a regression where nonexistent joins in F() no longer raised
FieldError (#29727).
* Fixed a regression where files starting with a tilde or underscore
weren’t ignored by the migrations loader (#29749).
* Made migrations detect changes to Meta.default_related_name
(#29755).
* Added compatibility for cx_Oracle 7 (#29759).
* Fixed a regression in Django 2.0 where unique index names weren’t
quoted (#29778).
* Fixed a regression where sliced queries with multiple columns with
the same name crashed on Oracle 12.1 (#29630).
* Fixed a crash when a user with the view (but not change)
permission made a POST request to an admin user change form
(#29809).
OBS-URL: https://build.opensuse.org/request/show/639971
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=12
- update to version 2.1.1
- drop django-urlencode.patch
* Fixed a race condition in QuerySet.update_or_create() that could result
in data loss
* Fixed a regression where QueryDict.urlencode() crashed if the dictionary
contains a non-string value
* Fixed a regression in Django 2.0 where using manage.py test --keepdb fails
on PostgreSQL if the database exists and the user doesn’t have permission
to create databases
* Fixed a regression in Django 2.0 where combining Q objects with __in
lookups and lists crashed
* Fixed translation failure of DurationField’s “overflow” error message
* Fixed a regression where the admin change form crashed if the user doesn’t
have the ‘add’ permission to a model that uses TabularInline
* Fixed a regression where a related_query_name reverse accessor wasn’t
set up when a GenericRelation is declared on an abstract base model
* Fixed the test client’s JSON serialization of a request data dictionary
for structured content type suffixes
* Made the admin change view redirect to the changelist view after a POST
if the user has the ‘view’ permission
* Fixed admin change view crash for view-only users if the form
has an extra form field
* Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list()
after combining querysets with extra() with union(), difference(),
or intersection() crashed due to mismatching columns
OBS-URL: https://build.opensuse.org/request/show/633018
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=10
- update to version 2.0.4:
* Fixed#29265 -- Removed the suggestion to hardcode static URLs.
* Fixed#29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
* Fixed#29195 -- Fixed Exists.output_field resolution on single-valued queries.
* Fixed links to Sphinx docs.
* Fixed typo in docs/releases/2.0.4.txt.
* Clarified docs about ISO 8601 week numbering.
* Fixed#29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID.
* Added CVE-2018-7536,7 to the security release archive.
* Fixed#29221 -- Corrected admin's autocomplete widget to add a space after custom classes.
* Fixed#29273 -- Prevented initial selection of empty choice in multiple choice widgets.
* Added a pagination example to ListView docs.
* Fixed#28514 -- Clarifed docs about idempotence of RelatedManager.add().
* isorted import statements in tutorial example.
* Fixed#29192 -- Corrected docs regarding overriding fields from abstract base classes.
* Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations.
* Added stub release notes for 1.11.12.
* Fixed#29165 -- Clarified how to load initial data with migrations.
* Fixed#29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant.
* Reverted "Expanded docs for AbstractBaseUser.has_usable_password()."
* Fixed typo in docs/releases/2.0.4/1.11.12.txt.
* Bumped version for 2.0.4 release.
* Fixed#29250 -- Added 'django_version' context to startapp/project docs.
* Added release date for 2.0.4 and 1.11.12.
* Post-release version bump.
* Clarified a sentence in docs/topics/i18n/translation.txt.
* Fixed#29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection().
* Added stub release notes for 2.0.4.
* Fixed a couple mistakes in docs/ref/forms/widgets.txt.
* Fixed#28655 -- Added more examples for customizing widgets in a form.
OBS-URL: https://build.opensuse.org/request/show/594522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=38
- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
* Fixed#29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
* Added CVE-2018-6188 to the security release archive.
* Post-release version bump.
* Updated translations from Transifex
* Added stub release notes for security releases.
* Fixed incorrect regex in re_path() example.
* Fixed#29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
* Fixed#29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
* Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
* Fixed typo in bulk_create() documentation.
* Fixed#29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
* Removed blank lines per isort 4.3.0.
* Added stub release notes for 2.0.3.
* Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
* Fixed#29172 -- Fixed crash with Window expression in a subquery.
* Fixed#29166 -- Fixed crash in When() expression with a list argument.
* Fixed#24270 -- Doc'd that django_bash_completion is only in the source distribution.
* Improved clarity of docs/topics/install.txt.
* Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
* Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
* Bumped version for 2.0.3 release.
* Corrected doc'd type of some parameters from string to str.
* Fixed#29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
* Fixed#29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
* Switched test requirement to new psycopg2-binary package.
* Added backticks around obj argument in admin docs.
* Fixed typo in docs/topics/forms/media.txt.
* Fixed#29109 -- Fixed the admin time picker widget for the Thai locale.
* Fixed#29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
OBS-URL: https://build.opensuse.org/request/show/588436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=37
- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
* Fixed#28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
* Fixed a GeoIP2 test failure with the latest GeoIP2 database.
* Added stub release notes for 2.0.1.
* Bumped version for 2.0.2 release.
* Fixed location of spatialite_source label.
* Fixed#28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
* Fixed#28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
* Fixed#29032 -- Fixed an example of using expressions in QuerySet.values().
* Disambiguated "settings" in SpatiaLite note.
* Fixed typo in docs/topics/testing/advanced.txt.
* Post-release version bump.
* Refs #25604 -- Removed docs for makemigrations --exit.
* Fixed#29002 -- Corrected cached template loader docs about when it's automatically enabled.
* Fixed typo in TemplateCommand argument help text.
* Added stub release notes for 1.11.9.
* Fixed#28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
* Refs #29086 -- Doc'd how to detect bytestring mistakes.
* Fixed#28886 -- Updated prefix for example django.contrib.auth.urls URLs.
* Fixed#29081 -- Clarified comments in QuerySet.select_related() example.
* Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
* Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
* Removed 'development' word in contributing docs
* Fixed#29055 -- Doc'd that escapejs doesn't make template literals safe.
* Fixed#29016 -- Fixed incorrect foreign key nullification on related instance deletion.
* Fixed grammar in docs/releases/2.0.txt.
* Fixed#29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
* Fixed#28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
* Fixed#29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
* Fixed#28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
OBS-URL: https://build.opensuse.org/request/show/573722
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=36
- Fix update-alternatives
- Update to version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
OBS-URL: https://build.opensuse.org/request/show/222292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=3
