* Corrected packaging error from 2.1.6
* Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well
as the the floatformat, filesizeformat, and intcomma templates
filters – received a Decimal with a large number of digits or a
large exponent, it could lead to significant memory usage
due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted
using scientific notation.
* Made the obj argument of InlineModelAdmin.has_add_permission() optional
to restore backwards compatibility with third-party code that doesn’t
provide it
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=20
* CVE-2019-3498: Content spoofing possibility in the default 404 page
* Fixed compatibility with mysqlclient 1.3.14 (#30013).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop
and rebuild your SQLite database if you applied a migration while using
an older version of Django with SQLite 3.26 or later (#29182).
* Prevented SQLite schema alterations while foreign key checks are enabled
to avoid the possibility of schema corruption (#30023).
* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
where request body data isn’t properly consumed for such
connections (#30015).
* Fixed a regression in Django 2.1.4 where
InlineModelAdmin.has_change_permission() is incorrectly called with
a non-None obj argument during an object add (#30050).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=18
- Update to version 2.1.4
* Corrected the default password list that CommonPasswordValidator uses
by lowercasing all passwords to match the format expected by the validator
* Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in
an attempt to fix a random crash involving LooseVersion
* Fixed keep-alive support in runserver after it was disabled o 2.0
* Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields
* Fixed “Please correct the errors below” error message when editing an object
in the admin if the user only has the “view” permission on inlines
* Fixed a regression in Django 2.0 where combining Q objects with __in lookups
and lists crashed
* Fixed a regression in Django 2.0 where test databases aren’t reused
with manage.py test --keepdb on MySQL
* Fixed a regression where cached foreign keys that use to_field were
incorrectly cleared in Model.save()
* Fixed a regression in Django 2.0 where FileSystemStorage crashes
with FileExistsError if concurrent saves try to create the same directory
OBS-URL: https://build.opensuse.org/request/show/656841
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=16
- Update to version 2.1.2
* CVE-2018-16984: Password hash disclosure to “view only” admin
users
* Fixed a regression where nonexistent joins in F() no longer raised
FieldError (#29727).
* Fixed a regression where files starting with a tilde or underscore
weren’t ignored by the migrations loader (#29749).
* Made migrations detect changes to Meta.default_related_name
(#29755).
* Added compatibility for cx_Oracle 7 (#29759).
* Fixed a regression in Django 2.0 where unique index names weren’t
quoted (#29778).
* Fixed a regression where sliced queries with multiple columns with
the same name crashed on Oracle 12.1 (#29630).
* Fixed a crash when a user with the view (but not change)
permission made a POST request to an admin user change form
(#29809).
OBS-URL: https://build.opensuse.org/request/show/639971
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=12
- update to version 2.1.1
- drop django-urlencode.patch
* Fixed a race condition in QuerySet.update_or_create() that could result
in data loss
* Fixed a regression where QueryDict.urlencode() crashed if the dictionary
contains a non-string value
* Fixed a regression in Django 2.0 where using manage.py test --keepdb fails
on PostgreSQL if the database exists and the user doesn’t have permission
to create databases
* Fixed a regression in Django 2.0 where combining Q objects with __in
lookups and lists crashed
* Fixed translation failure of DurationField’s “overflow” error message
* Fixed a regression where the admin change form crashed if the user doesn’t
have the ‘add’ permission to a model that uses TabularInline
* Fixed a regression where a related_query_name reverse accessor wasn’t
set up when a GenericRelation is declared on an abstract base model
* Fixed the test client’s JSON serialization of a request data dictionary
for structured content type suffixes
* Made the admin change view redirect to the changelist view after a POST
if the user has the ‘view’ permission
* Fixed admin change view crash for view-only users if the form
has an extra form field
* Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list()
after combining querysets with extra() with union(), difference(),
or intersection() crashed due to mismatching columns
OBS-URL: https://build.opensuse.org/request/show/633018
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=10
- update to version 2.0.4:
* Fixed#29265 -- Removed the suggestion to hardcode static URLs.
* Fixed#29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
* Fixed#29195 -- Fixed Exists.output_field resolution on single-valued queries.
* Fixed links to Sphinx docs.
* Fixed typo in docs/releases/2.0.4.txt.
* Clarified docs about ISO 8601 week numbering.
* Fixed#29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID.
* Added CVE-2018-7536,7 to the security release archive.
* Fixed#29221 -- Corrected admin's autocomplete widget to add a space after custom classes.
* Fixed#29273 -- Prevented initial selection of empty choice in multiple choice widgets.
* Added a pagination example to ListView docs.
* Fixed#28514 -- Clarifed docs about idempotence of RelatedManager.add().
* isorted import statements in tutorial example.
* Fixed#29192 -- Corrected docs regarding overriding fields from abstract base classes.
* Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations.
* Added stub release notes for 1.11.12.
* Fixed#29165 -- Clarified how to load initial data with migrations.
* Fixed#29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant.
* Reverted "Expanded docs for AbstractBaseUser.has_usable_password()."
* Fixed typo in docs/releases/2.0.4/1.11.12.txt.
* Bumped version for 2.0.4 release.
* Fixed#29250 -- Added 'django_version' context to startapp/project docs.
* Added release date for 2.0.4 and 1.11.12.
* Post-release version bump.
* Clarified a sentence in docs/topics/i18n/translation.txt.
* Fixed#29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection().
* Added stub release notes for 2.0.4.
* Fixed a couple mistakes in docs/ref/forms/widgets.txt.
* Fixed#28655 -- Added more examples for customizing widgets in a form.
OBS-URL: https://build.opensuse.org/request/show/594522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=38
- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
* Fixed#29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
* Added CVE-2018-6188 to the security release archive.
* Post-release version bump.
* Updated translations from Transifex
* Added stub release notes for security releases.
* Fixed incorrect regex in re_path() example.
* Fixed#29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
* Fixed#29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
* Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
* Fixed typo in bulk_create() documentation.
* Fixed#29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
* Removed blank lines per isort 4.3.0.
* Added stub release notes for 2.0.3.
* Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
* Fixed#29172 -- Fixed crash with Window expression in a subquery.
* Fixed#29166 -- Fixed crash in When() expression with a list argument.
* Fixed#24270 -- Doc'd that django_bash_completion is only in the source distribution.
* Improved clarity of docs/topics/install.txt.
* Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
* Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
* Bumped version for 2.0.3 release.
* Corrected doc'd type of some parameters from string to str.
* Fixed#29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
* Fixed#29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
* Switched test requirement to new psycopg2-binary package.
* Added backticks around obj argument in admin docs.
* Fixed typo in docs/topics/forms/media.txt.
* Fixed#29109 -- Fixed the admin time picker widget for the Thai locale.
* Fixed#29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
OBS-URL: https://build.opensuse.org/request/show/588436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=37
- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
* Fixed#28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
* Fixed a GeoIP2 test failure with the latest GeoIP2 database.
* Added stub release notes for 2.0.1.
* Bumped version for 2.0.2 release.
* Fixed location of spatialite_source label.
* Fixed#28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
* Fixed#28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
* Fixed#29032 -- Fixed an example of using expressions in QuerySet.values().
* Disambiguated "settings" in SpatiaLite note.
* Fixed typo in docs/topics/testing/advanced.txt.
* Post-release version bump.
* Refs #25604 -- Removed docs for makemigrations --exit.
* Fixed#29002 -- Corrected cached template loader docs about when it's automatically enabled.
* Fixed typo in TemplateCommand argument help text.
* Added stub release notes for 1.11.9.
* Fixed#28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
* Refs #29086 -- Doc'd how to detect bytestring mistakes.
* Fixed#28886 -- Updated prefix for example django.contrib.auth.urls URLs.
* Fixed#29081 -- Clarified comments in QuerySet.select_related() example.
* Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
* Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
* Removed 'development' word in contributing docs
* Fixed#29055 -- Doc'd that escapejs doesn't make template literals safe.
* Fixed#29016 -- Fixed incorrect foreign key nullification on related instance deletion.
* Fixed grammar in docs/releases/2.0.txt.
* Fixed#29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
* Fixed#28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
* Fixed#29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
* Fixed#28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
OBS-URL: https://build.opensuse.org/request/show/573722
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=36
- Fix update-alternatives
- Update to version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
OBS-URL: https://build.opensuse.org/request/show/222292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=3
