- Update to 3.2.5 (CVE-2021-35042, bsc#1187785)
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(..., named=True) after prefetch_related()
+ Fixed a bug in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when altering BinaryField, JSONField, or TextField to
non-nullable
+ Fixed a regression in Django 3.2 that caused a migration crash on
MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or
TextField with a default value
+ Fixed a bug in Django 3.2 where a system check would crash on a
model with an invalid app_label
OBS-URL: https://build.opensuse.org/request/show/903353
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=88
- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571)
+ CVE-2021-33203: Potential directory traversal via admindocs
+ CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
+ Fixed a bug in Django 3.2 where a final catch-all view in the
admin didn’t respect the server-provided value of SCRIPT_NAME when
redirecting unauthenticated users to the login page
+ Fixed a bug in Django 3.2 where a system check would crash on an
abstract model
+ Prevented unnecessary initialization of unused caches following a
regression in Django 3.2
+ Fixed a crash in Django 3.2 that could occur when running mod_wsgi
with the recommended settings while the Windows colorama library
was installed
+ Fixed a bug in Django 3.2 that would trigger the auto-reloader for
template changes when directory paths were specified with strings
+ Fixed a regression in Django 3.2 that caused a crash of
auto-reloader with AttributeError, e.g. inside a Conda environment
+ Fixed a regression in Django 3.2 that caused a loss of precision
for operations with DecimalField on MySQL
OBS-URL: https://build.opensuse.org/request/show/896895
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=86
- Update to 3.2.1 (CVE-2021-31542)
+ CVE-2021-31542: Potential directory-traversal via uploaded files
+ Corrected detection of GDAL 3.2 on Windows
+ Fixed a bug in Django 3.2 where subclasses of BigAutoField and
SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values()/values_list() after QuerySet.union(),
intersection(), and difference() when it was ordered by an
unannotated field
+ Restored, following a regression in Django 3.2, displaying an
exception message on the technical 404 debug page
+ Fixed a bug in Django 3.2 where a system check would crash on a
reverse one-to-one relationships in CheckConstraint.check or
UniqueConstraint.condition
+ Fixed a regression in Django 3.2 that caused a crash of
ModelAdmin.search_fields when searching against phrases with
unbalanced quotes
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
rendering the sitemap template if alternates were not defined
+ Fixed a regression in Django 3.2 that caused a crash when
combining Q() objects which contains boolean expressions
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.update() on a queryset ordered by inherited or joined
fields on MySQL and MariaDB
+ Fixed a regression in Django 3.2 that caused a crash when decoding
a cookie value, used by
django.contrib.messages.storage.cookie.CookieStorage, in the
pre-Django 3.2 format
+ Fixed a regression in Django 3.2 that stopped the shift-key
modifier selecting multiple rows in the admin changelist
+ Fixed a bug in Django 3.2 where a system check would crash on the
STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path)
+ Fixed a long standing bug involving queryset bitwise combination
when used with subqueries that began manifesting in Django 3.2,
due to a separate fix using Exists to exclude() multi-valued
relationships
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
when rendering some admin templates
+ Fixed a bug in Django 3.2 where an admin changelist would crash
when deleting objects filtered against multi-valued relationships
+ Fixed a regression in Django 3.2 where the calling process
environment would not be passed to the dbshell command on PostgreSQL
+ Fixed a performance regression in Django 3.2 when building complex
filters with subqueries
OBS-URL: https://build.opensuse.org/request/show/890638
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=80
- Update to 3.1.4
* Fixed setting the Content-Length HTTP header in AsyncRequestFactory
* Fixed passing extra HTTP headers to AsyncRequestFactory request methods
* Fixed crash of key transforms for JSONField on PostgreSQL when usingi
on a Subquery() annotation
* Fixed a regression in Django 3.1 that caused the incorrect grouping
by a Q object annotation
* Fixed a regression in Django 3.1 that caused suppressing connection errors
when JSONField is used on SQLite
* Fixed a crash on SQLite, when QuerySet.values()/values_list() contained
key transforms for JSONField returning non-string primitive values
OBS-URL: https://build.opensuse.org/request/show/854260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=70
* Fixed setting the Content-Length HTTP header in AsyncRequestFactory
* Fixed passing extra HTTP headers to AsyncRequestFactory request methods
* Fixed crash of key transforms for JSONField on PostgreSQL when usingi
on a Subquery() annotation
* Fixed a regression in Django 3.1 that caused the incorrect grouping
by a Q object annotation
* Fixed a regression in Django 3.1 that caused suppressing connection errors
when JSONField is used on SQLite
* Fixed a crash on SQLite, when QuerySet.values()/values_list() contained
key transforms for JSONField returning non-string primitive values
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=74
- Update to 3.1.3
* Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin
changelist search bar
* Fixed a regression in Django 3.1.2 that caused the incorrect width of the
admin changelist search bar on a filtered page
* Fixed displaying Unicode characters in forms.JSONField and read-only
models.JSONField values in the admin
* Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg
with ordering on key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a crash of __in lookup when using
key transforms for JSONField in the lookup value
* Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with
key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL
when adding an ExclusionConstraint with key transforms for JSONField in expressions
* Fixed a regression in Django 3.1 where ProtectedError.protected_objects
and RestrictedError.restricted_objects attributes returned iterators instead
of set of objects
* Fixed a regression in Django 3.1.2 that caused incorrect form input layout
on small screens in the admin change form view
* Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens
* Added support for asgiref 3.3
* Fixed a regression in Django 3.1 that caused incorrect textarea layout
on medium-sized screens in the admin change form view with the sidebar open
* Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases
in the GROUP BY clause
* Fixed a bug in Django 3.1 where FileField instances with a callable storage were
not correctly deconstructed
* Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned
incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with
OBS-URL: https://build.opensuse.org/request/show/845465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=69
* Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin
changelist search bar
* Fixed a regression in Django 3.1.2 that caused the incorrect width of the
admin changelist search bar on a filtered page
* Fixed displaying Unicode characters in forms.JSONField and read-only
models.JSONField values in the admin
* Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg
with ordering on key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a crash of __in lookup when using
key transforms for JSONField in the lookup value
* Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with
key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL
when adding an ExclusionConstraint with key transforms for JSONField in expressions
* Fixed a regression in Django 3.1 where ProtectedError.protected_objects
and RestrictedError.restricted_objects attributes returned iterators instead
of set of objects
* Fixed a regression in Django 3.1.2 that caused incorrect form input layout
on small screens in the admin change form view
* Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens
* Added support for asgiref 3.3
* Fixed a regression in Django 3.1 that caused incorrect textarea layout
on medium-sized screens in the admin change form view with the sidebar open
* Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases
in the GROUP BY clause
* Fixed a bug in Django 3.1 where FileField instances with a callable storage were
not correctly deconstructed
* Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned
incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=72
- Update to 3.1.1
* CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
* CVE-2020-24584: Permission escalation in intermediate-level directories of the file
system cache on Python 3.7+
* Fixed a data loss possibility in the select_for_update(). When using related fields
pointing to a proxy model in the of argument, the corresponding model was not locked
* Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data
* Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite
* Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator
and settings.py
OBS-URL: https://build.opensuse.org/request/show/833246
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=70
- update to 3.0.8
* Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings
raised by cache key validation
* Fixed a regression in Django 3.0.7 that caused a queryset crash
when grouping by a many-to-one relationship
* Reallowed, following a regression in Django 3.0, non-expressions having
a filterable attribute to be used as the right-hand side in queryset filters
* Fixed a regression in Django 3.0.2 that caused a migration crash
on PostgreSQL when adding a foreign key to a model with a namespaced db_table
* Added compatibility for cx_Oracle 8
OBS-URL: https://build.opensuse.org/request/show/819476
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=66
* Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings
raised by cache key validation
* Fixed a regression in Django 3.0.7 that caused a queryset crash
when grouping by a many-to-one relationship
* Reallowed, following a regression in Django 3.0, non-expressions having
a filterable attribute to be used as the right-hand side in queryset filters
* Fixed a regression in Django 3.0.2 that caused a migration crash
on PostgreSQL when adding a foreign key to a model with a namespaced db_table
* Added compatibility for cx_Oracle 8
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=64
- Update to 2.2.8
* CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
* Fixed a data loss possibility in the admin changelist view when a
custom formset’s prefix contains regular expression special
characters, e.g. '$'
* Fixed a regression in Django 2.2.1 that caused a crash when
migrating permissions for proxy models with a multiple database
setup if the default entry was empty
* Fixed a data loss possibility in the select_for_update(). When
using 'self' in the of argument with multi-table inheritance, a
parent model was locked instead of the queryset’s model
- Add patch fix-selenium-test.patch to fix a test when selenium is
missing
OBS-URL: https://build.opensuse.org/request/show/752866
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=45
- Update to 2.2.7:
* Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
* Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
* Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
* Restored the ability to override get_FOO_display() (#30931).
- Require full python interpreter on build and runtime
OBS-URL: https://build.opensuse.org/request/show/748860
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=57
* Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
* Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
* Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
* Restored the ability to override get_FOO_display() (#30931).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=43
