Page MenuHomeSolus

Update django to 2.2.2
ClosedPublic

Authored by maverick1 on Jun 8 2019, 9:18 AM.

Details

Summary

Update django to 2.2.2

Changes

  • CVE-2019-12308: AdminURLFieldWidget XSS
  • Patched bundled jQuery for CVE-2019-11358: Prototype pollution
  • Fixed a regression in Django 2.2 that stopped Show/Hide toggles working on dynamically added admin inlines
  • Fixed a regression in Django 2.2 where deprecation message crashes if Meta.ordering contains an expression
  • Fixed a regression in Django 2.2.1 where SearchVector generates SQL with a redundant Coalesce call
  • Fixed a regression in Django 2.2 where auto-reloader doesn’t detect changes in manage.py file when using StatReloader
  • Fixed crash of ArrayAgg and StringAgg with ordering argument when used in a Subquery
  • Fixed a regression in Django 2.2 that caused a crash of auto-reloader when an exception with custom signature is raised
  • Fixed a regression in Django 2.2.1 where auto-reloader unnecessarily reloads translation files multiple times when using StatReloader
Test Plan

Created django project and ran server

Diff Detail

Repository
R2575 python-django
Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage
maverick1 created this revision.Jun 8 2019, 9:18 AM
maverick1 requested review of this revision.Jun 8 2019, 9:18 AM
Girtablulu added a project: Restricted Project.Jun 8 2019, 9:45 AM
JoshStrobl accepted this revision.Jun 11 2019, 7:33 PM
JoshStrobl retitled this revision from Update django to 2.2.2 to address security issues CVE-2019-12308 and CVE-2019-11358 to Update django to 2.2.2.
JoshStrobl edited the summary of this revision. (Show Details)
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Jun 11 2019, 7:33 PM
This revision was automatically updated to reflect the committed changes.