"Fossies" - the Fresh Open Source Software Archive

Member "Django-1.11.25/docs/releases/1.11.19.txt" (1 Oct 2019, 726 Bytes) of package /linux/www/Django-1.11.25.tar.gz:



============================
Django 1.11.19 release notes
============================

*February 11, 2019*

Django 1.11.19 fixes a security issue in 1.11.18.

CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
--------------------------------------------------------------------------

If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
as the ``floatformat``, ``filesizeformat``, and ``intcomma`` template
filters -- received a ``Decimal`` with a large number of digits or a large
exponent, it could lead to significant memory usage due to a call to
``'{:f}'.format()``.

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
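
The cutoff described above, sketched as an added example (not Django's own code): the size of the fixed-point rendering is estimated from the ``Decimal`` tuple form, so the oversized string is never built. The names ``MAX_DIGITS``, ``digit_count`` and ``safe_format`` are assumptions for illustration, and the sample values are constructed.

```python
from decimal import Decimal

# Cutoff taken from the release note: more than 200 digits -> scientific notation.
MAX_DIGITS = 200


def digit_count(value: Decimal) -> int:
    """Estimate how many digits '{:f}' would emit, without formatting.

    A Decimal stores a short coefficient plus an exponent, so a tiny input
    such as Decimal('1E+5000') expands to thousands of characters in
    fixed-point form. The estimate is coefficient length + |exponent|.
    """
    _, digits, exponent = value.as_tuple()
    return abs(exponent) + len(digits)


def safe_format(value: Decimal) -> str:
    """Render fixed-point for ordinary values, scientific past the cutoff."""
    # NaN and Infinity carry a non-numeric exponent in as_tuple(); pass them
    # through rather than letting abs() raise on them.
    if not value.is_finite():
        return str(value)
    if digit_count(value) > MAX_DIGITS:
        # Output size stays proportional to the coefficient, not the exponent.
        return '{:e}'.format(value)
    return '{:f}'.format(value)


if __name__ == '__main__':
    # Constructed sample inputs.
    for sample in (Decimal('1234.5'), Decimal('1E+5000'), Decimal('1E-5000')):
        rendered = safe_format(sample)
        print(digit_count(sample), len(rendered), rendered[:20])
```

Any code path that formats a user-supplied ``Decimal`` outside ``django.utils.numberformat.format()`` needs an equivalent guard, since the expansion comes from ``'{:f}'.format()`` itself.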