This update for python-Django fixes the following issues:
- CVE-2023-24580: Prevent DoS in file uploads. (boo#1208082)
Update to 1.11.15
- CVE-2018-14574: Fixed open redirect possibility in CommonMiddleware (boo#1102680)
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression in Django 1.10 that could result in large memory usage
when making edits using ModelAdmin.list_editable
- Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list()
after combining an annotated and unannotated queryset with union(),
difference(), or intersection() crashed due to mismatching columns
- Fixed crashes in django.contrib.admindocs when a view is a callable object,
such as django.contrib.syndication.views.Feed
- Fixed a regression in Django 1.11.8 where altering a field with a unique
constraint may drop and rebuild more foreign keys than necessary
- Fixed a regression in Django 1.11.8 where combining two annotated values_list()
querysets with union(), difference(), or intersection() crashed due to mismatching columns
- Fixed a regression in Django 1.11 where an empty choice could be
initially selected for the SelectMultiple and CheckboxSelectMultiple widgets
-
Update to 1.11.11
- Fixes CVE-2018-7536, CVE-2018-7537
-
Update to 1.11.10 LTS
- Fixes CVE-2018-6188 (boo#1077714), CVE-2017-7234, CVE-2017-7233,
CVE-2017-12794
-
Change Requires: python-Pillow to python-imaging for compatibility
with SLE-12 which provides PIL instead of Pillow.
-
Update to 1.9.9
Bugfixes
- Fixed invalid HTML in template postmortem on the debug page
(#26938).
- Fixed some GIS database function crashes on MySQL 5.7 (#26657).
-
Update to 1.9.8
- Fix XSS in admin’s add/change related popup (boo#988420)
Unsafe usage of JavaScript’s Element.innerHTML could result in XSS
in the admin’s add/change related popup. Element.textContent is now
used to prevent execution...