"Fossies" - the Fresh Open Source Software Archive

Member "Django-1.11.25/docs/releases/1.8.7.txt" (1 Oct 2019, 2707 Bytes) of package /linux/www/Django-1.11.25.tar.gz:



==========================
Django 1.8.7 release notes
==========================

*November 24, 2015*

Django 1.8.7 fixes a security issue and several bugs in 1.8.6.

Additionally, Django's vendored version of six, :mod:`django.utils.six`, has
been upgraded to the latest release (1.10.0).

Fixed settings leak possibility in ``date`` template filter
===========================================================

If an application allows users to specify an unvalidated format for dates and
passes this format to the :tfilter:`date` filter, e.g.
``{{ last_updated|date:user_date_format }}``, then a malicious user could
obtain any secret in the application's settings by specifying a settings key
instead of a date format, e.g. ``"SECRET_KEY"`` instead of ``"j/m/Y"``.

To remedy this, the underlying function used by the ``date`` template filter,
``django.utils.formats.get_format()``, now only allows accessing the date/time
formatting settings.
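
The following is an added example, not Django's source code: a simplified
model of the lookup before and after the restriction, plus an application-side
check for the user-supplied format. ``FakeSettings``, the function names, the
allowlist contents and all values are assumptions constructed for illustration.

```python
# Simplified model of the format lookup; not Django's implementation.
# All settings values below are constructed for this example.
class FakeSettings:
    SECRET_KEY = "constructed-not-a-real-key"
    DATE_FORMAT = "N j, Y"
    SHORT_DATE_FORMAT = "m/d/Y"


settings = FakeSettings()

# Setting names a format lookup may resolve (assumed subset for this example).
FORMAT_SETTINGS = frozenset({
    "DATE_FORMAT", "TIME_FORMAT", "DATETIME_FORMAT", "SHORT_DATE_FORMAT",
    "SHORT_DATETIME_FORMAT", "YEAR_MONTH_FORMAT", "MONTH_DAY_FORMAT",
})


def get_format_unrestricted(format_type):
    """Before the fix: any settings attribute name resolves to its value."""
    try:
        return getattr(settings, format_type)
    except AttributeError:
        return format_type  # not a setting, so treat it as a literal format


def get_format_restricted(format_type):
    """After the fix: only date/time formatting settings are resolved."""
    if format_type not in FORMAT_SETTINGS:
        return format_type  # literal format string, never a settings lookup
    return getattr(settings, format_type, format_type)


# Application-side validation (hypothetical): accept only formats the
# application actually offers, and fall back to a safe default otherwise.
ALLOWED_USER_FORMATS = frozenset({"j/m/Y", "Y-m-d", "SHORT_DATE_FORMAT"})


def clean_user_date_format(value, default="SHORT_DATE_FORMAT"):
    return value if value in ALLOWED_USER_FORMATS else default
```

With the restricted lookup, a settings key that is not a formatting setting is
treated as a literal format string, so its value never reaches the rendered
output.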

Bugfixes
========

* Fixed a crash of the debug view during the autumn DST change when
  :setting:`USE_TZ` is ``False`` and ``pytz`` is installed.

* Fixed a regression in 1.8.6 that caused database routers without an
  ``allow_migrate()`` method to crash (:ticket:`25686`).

* Fixed a regression in 1.8.6 by restoring the ability to use ``Manager``
  objects for the ``queryset`` argument of ``ModelChoiceField``
  (:ticket:`25683`).

* Fixed a regression in 1.8.6 that caused an application with South migrations
  in the ``migrations`` directory to fail (:ticket:`25618`).

* Fixed a data loss possibility with :class:`~django.db.models.Prefetch` if
  ``to_attr`` is set to a ``ManyToManyField`` (:ticket:`25693`).

* Fixed a regression in 1.8 by making ``gettext()`` once again return UTF-8
  bytestrings on Python 2 if the input is a bytestring (:ticket:`25720`).

* Fixed serialization of
  :class:`~django.contrib.postgres.fields.DateRangeField` and
  :class:`~django.contrib.postgres.fields.DateTimeRangeField` (:ticket:`24937`).

* Fixed the exact lookup of ``ArrayField`` (:ticket:`25666`).

* Fixed ``Model.refresh_from_db()`` updating of ``ForeignKey`` fields with
  ``on_delete=models.SET_NULL`` (:ticket:`25715`).

* Fixed a duplicate query regression in 1.8 on proxied model deletion
  (:ticket:`25685`).

* Fixed ``set_FOO_order()`` crash when the ``ForeignKey`` of a model with
  ``order_with_respect_to`` references a model with a ``OneToOneField``
  primary key (:ticket:`25786`).

* Fixed incorrect validation for ``PositiveIntegerField`` and
  ``PositiveSmallIntegerField`` on MySQL resulting in values greater than
  4294967295 or 65535, respectively, passing validation and being silently
  truncated by the database (:ticket:`25767`).