summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-django_2.2.16.bb
Commit message (Collapse)AuthorAgeFilesLines
* python3-django: upgrade to 2.2.20Chen Qi2021-04-221-11/+0
| | | | | | | | | | | 2.2.x is LTS, so upgrade to latest release 2.2.20. This upgrade fixes several CVEs such as CVE-2021-3281. Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
* python3-django: fix CVE-2021-28658Stefan Ghinea2021-04-211-0/+2
| | | | | | | | | | | | | | | | | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
* python3-django: upgrade 2.2.13 -> 2.2.16Trevor Gamblin2020-09-111-0/+9
Summary of release notes from https://docs.djangoproject.com/en/2.2/releases/ 2.2.14 release notes: - Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised by cache key validation (#31654). 2.2.15 release notes: - Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie() (#31790). - Fixed crash when sending emails to addresses with display names longer than 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+ (#31784). 2.2.16 release notes: - Fixed CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ - Fixed CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ - Fixed a data loss possibility in the select_for_update(). When using related fields pointing to a proxy model in the of argument, the corresponding model was not locked (#31866). - Fixed a data loss possibility, following a regression in Django 2.0, when copying model instances with a cached fields value (#31863). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-19 12:20:44 +0000