- Update to 4.2.3 (bsc#1212742, CVE-2023-36053)
+ CVE-2023-36053: Potential regular expression denial of service
vulnerability in EmailValidator/URLValidator
+ Bugfixes
* Fixed a regression in Django 4.2 that caused incorrect alignment
of timezone warnings for DateField and TimeField in the admin
* Fixed a regression in Django 4.2 that caused incorrect
highlighting of rows in the admin changelist view when
ModelAdmin.list_editable contained a BooleanField
OBS-URL: https://build.opensuse.org/request/show/1097909
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=139
- Update to 4.2.2
+ Bugfixes
* Fixed a regression in Django 4.2 that caused an unnecessary
DBMS_LOB.SUBSTR() wrapping in the __isnull and __exact=None
lookups for TextField()/BinaryField() on Oracle
* Restored, following a regression in Django 4.2, get_prep_value()
call in JSONField subclasses
* Fixed a regression in Django 4.2 that caused a crash of
QuerySet.defer() when passing a ManyToManyField or
GenericForeignKey reference. While doing so is a no-op, it was
allowed in older version
* Fixed a regression in Django 4.2 that caused a crash of
QuerySet.only() when passing a reverse OneToOneField reference
* Fixed a bug in Django 4.2 where makemigrations --update didn’t
respect the --name option
* Fixed a performance regression in Django 4.2 when compiling
queries without ordering
* Fixed a regression in Django 4.2 where nonexistent stylesheet
was linked on a “Congratulations!” page
* Fixed a regression in Django 4.2 that caused a crash of
QuerySet.aggregate() with expressions referencing other
aggregates
* Fixed a regression in Django 4.2 that caused a crash of
QuerySet.aggregate() with aggregates referencing subqueries
* Fixed a regression in Django 4.2 that caused a crash of
querysets on SQLite when filtering on DecimalField against
values outside of the defined range
* Fixed a regression in Django 4.2 that caused a serialization
crash on a ManyToManyField without a natural key when its
Manager’s base QuerySet used select_related()
OBS-URL: https://build.opensuse.org/request/show/1091039
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=135
- Update to 4.2.1
+ CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field
+ Bugfixes
* Fixed a regression in Django 4.2 that caused a crash of
QuerySet.defer() when deferring fields by attribute names
* Fixed a regression in Django 4.2 that caused a crash of
SearchVector function with % characters
* Fixed a regression in Django 4.2 that caused aggregation over
query that uses explicit grouping to group against the wrong
columns
* Reallowed, following a regression in Django 4.2, setting the
"cursor_factory" option in OPTIONS on PostgreSQL
* Enforced UTF-8 client encoding on PostgreSQL, following a
regression in Django 4.2
* Fixed a regression in Django 4.2 where i18n_patterns() didn’t
respect the prefix_default_language argument when a fallback
language of the default language was used
* Fixed a regression in Django 4.2 where translated URLs of the
default language from i18n_patterns() with
prefix_default_language set to False raised 404 errors for a
request with a different language
* Fixed a regression in Django 4.2 where creating copies and deep
copies of HttpRequest, HttpResponse, and their subclasses didn’t
always work correctly
* Fixed a regression in Django 4.2 where timesince and timeuntil
template filters returned incorrect results for a datetime with
a non-UTC timezone when a time difference is less than 1 day
* Fixed a regression in Django 4.2 that caused a crash of
SearchHeadline function with psycopg 3
* Fixed a regression in Django 4.2 that caused incorrect
ClearableFileInput margins in the admin
* Fixed a regression in Django 4.2 where breadcrumbs didn’t appear
on admin site app index views
* Made squashing migrations reduce AddIndex, RemoveIndex,
RenameIndex, and CreateModel operations which allows removing a
deprecated Meta.index_together option from historical migrations
and use Meta.indexes instead
OBS-URL: https://build.opensuse.org/request/show/1084538
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=133
- Update to 4.1.4
+ Fixed a regression in Django 4.1 that caused an unnecessary table
rebuild when adding a ManyToManyField on SQLite
+ Fixed a bug in Django 4.1 that caused a crash of the sitemap index
view with an empty Sitemap.items() and a callable lastmod
+ Fixed a bug in Django 4.1 that caused a crash using acreate(),
aget_or_create(), and aupdate_or_create() asynchronous methods of
related managers
+ Fixed a bug in Django 4.1 that caused a crash of
QuerySet.bulk_create() with "pk" in unique_fields
+ Fixed a bug in Django 4.1 that caused a crash of
QuerySet.bulk_create() on fields with db_column
OBS-URL: https://build.opensuse.org/request/show/1040693
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=119
- Update to 4.1.2 (bsc#1203793, CVE-2022-41323)
+ Fixed a regression in Django 4.1 that caused a migration crash on
PostgreSQL when adding a model with ExclusionConstraint
+ Fixed a regression in Django 4.1 that caused aggregation over a
queryset that contained an Exists annotation to crash due to too
many selected columns
+ Fixed a bug in Django 4.1 that caused an incorrect validation of
CheckConstraint on NULL values
+ Fixed a regression in Django 4.1 that caused a
QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg()
+ Fixed a bug in Django 4.1 that caused
ModelAdmin.autocomplete_fields to be incorrectly selected after
adding/changing related instances via popups
+ Fixed a regression in Django 4.1 where the app registry was not
populated when running parallel tests with the multiprocessing
start method spawn
+ Fixed a regression in Django 4.1 where the --debug-mode argument
to test did not work when running parallel tests with the
multiprocessing start method spawn
+ Fixed a regression in Django 4.1 that didn’t alter a sequence type
when altering type of pre-Django 4.1 serial columns on PostgreSQL
+ Fixed a regression in Django 4.1 that caused a crash for View
subclasses with asynchronous handlers when handling non-allowed
HTTP methods
+ Reverted caching related managers for ForeignKey, ManyToManyField,
and GenericRelation that caused the incorrect refreshing of
related objects
+ Relaxed the system check added in Django 4.1 for the same name
used for multiple template tag modules to a warning
OBS-URL: https://build.opensuse.org/request/show/1007838
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=115
- Update to 4.1.1
+ Reallowed, following a regression in Django 4.1, using GeoIP2()
when GEOS is not installed
+ Fixed a regression in Django 4.1 that caused a crash of admin’s
autocomplete widgets when translations are deactivated
+ Fixed a regression in Django 4.1 that caused a crash of the test
management command when running in parallel and multiprocessing
start method is spawn
+ Fixed a regression in Django 4.1 that caused an incorrect
redirection to the admin changelist view when using "Save and
continue editing" and "Save and add another" options
+ Fixed a regression in Django 4.1 that caused a crash of Window
expressions with ArrayAgg
+ Fixed a regression in Django 4.1 that caused a migration crash on
SQLite 3.35.5+ when removing an indexed field
+ Fixed a bug in Django 4.1 that caused a crash of model validation
on UniqueConstraint() with field names in expressions
+ Fixed a bug in Django 4.1 that caused an incorrect validation of
CheckConstraint() with range fields on PostgreSQL
+ Fixed a regression in Django 4.1 that caused an incorrect
migration when adding AutoField, BigAutoField, or SmallAutoField
on PostgreSQL
+ Fixed a regression in Django 4.1 that caused a migration crash on
PostgreSQL when altering AutoField, BigAutoField, or
SmallAutoField to OneToOneField
+ Fixed a migration crash on ManyToManyField fields with through
referencing models in different apps
+ Fixed a regression in Django 4.1 that caused an incorrect
migration when renaming a model with ManyToManyField and db_table
+ Reallowed, following a regression in Django 4.1, creating reverse
OBS-URL: https://build.opensuse.org/request/show/1001261
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=113
- Update to 4.0.2 (CVE-2022-22818, bsc#1195086) (CVE-2022-23833, bsc#1195088)
+ CVE-2022-22818: Possible XSS via {% debug %} template tag
+ CVE-2022-23833: Denial-of-service possibility in file uploads
+ Fixed a bug in Django 4.0 where
TestCase.captureOnCommitCallbacks() could execute callbacks
multiple times
+ Fixed a regression in Django 4.0 where help_text was HTML-escaped
in automatically-generated forms
+ Fixed a regression in Django 4.0 that caused displaying an
incorrect name for class-based views on the technical 404 debug
page
+ Fixed a regression in Django 4.0 that caused an incorrect repr of
ResolverMatch for class-based views
+ Fixed a regression in Django 4.0 that caused a crash of
makemigrations on models without Meta.order_with_respect_to but
with a field named _order
+ Fixed a regression in Django 4.0 that caused incorrect
ModelAdmin.radio_fields layout in the admin
+ Fixed a duplicate operation regression in Django 4.0 that caused a
migration crash when altering a primary key type for a concrete
parent model referenced by a foreign key
+ Fixed a bug in Django 4.0 that caused a crash of
QuerySet.aggregate() after annotate() on an aggregate function
with a default
+ Fixed a regression in Django 4.0 that caused a crash of
makemigrations when renaming a field of a renamed model
OBS-URL: https://build.opensuse.org/request/show/950390
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=101
- Update to 4.0.1 (CVE-2021-45115, CVE-2021-45452, bsc#1194117)
+ CVE-2021-45115: Denial-of-service possibility in
UserAttributeSimilarityValidator
+ CVE-2021-45452: Potential directory-traversal via Storage.save()
+ Fixed a regression in Django 4.0 that caused a crash of
assertFormsetError() on a formset named form
+ Fixed a bug in Django 4.0 that caused a crash on booleans with the
RedisCache backend
+ Relaxed the check added in Django 4.0 to reallow use of a
duck-typed HttpRequest in
django.views.decorators.cache.cache_control() and never_cache()
decorators
+ Fixed a regression in Django 4.0 that caused creating bogus
migrations for models that reference swappable models such as
auth.User
+ Fixed a long standing bug in Geometry Collections and Polygon that
caused a crash on some platforms (reported on macOS based on the
ARM64 architecture)
OBS-URL: https://build.opensuse.org/request/show/945252
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=99
