Update python-django to 2.2.4
ClosedPublic

Authored by maverick1 on Sat, Aug 3, 5:38 PM.

Details

Summary

Django 2.2.4 fixes security issues and several bugs in 2.2.3.

Changelog

  • Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used.
  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains null characters ('\x00').
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved.

Security

  • CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator.
  • CVE-2019-14233: Denial-of-service possibility in strip_tags().
  • CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField.
  • CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri().

Test Plan

Created django project, ran server and made changes in database for previously created projects successfully.

Diff Detail

Repository
R2575 python-django

maverick1 created this revision. Sat, Aug 3, 5:38 PM
maverick1 requested review of this revision. Sat, Aug 3, 5:38 PM
maverick1 edited the summary of this revision. Sat, Aug 3, 5:38 PM
maverick1 added a project: Restricted Project. Sun, Aug 4, 3:38 AM

Are my Differential Revisions deferred?

Jacalz added a subscriber: Jacalz. Sun, Aug 4, 3:43 PM

Just a little tip for you on getting a more readable summary:

  • Changes can be changed to Changelog: or Summarized Changelog: if you have summarized it.
  • The CVEs can be put under Security: below the Changelog.

Just a little tip, not super important though :)

maverick1 edited the summary of this revision. Sun, Aug 4, 4:06 PM

> Just a little tip for you on getting a more readable summary:
>
>   • Changes can be changed to Changelog: or Summarized Changelog: if you have summarized it.
>   • The CVEs can be put under Security: below the Changelog.
>
> Just a little tip, not super important though :)

Thanks @Jacalz

Jacalz awarded a token. Sun, Aug 4, 4:08 PM
JoshStrobl accepted this revision. Sun, Aug 4, 4:34 PM
JoshStrobl added a subscriber: JoshStrobl.

> Are my Differential Revisions deferred?

No, sorry. I've been dealing with some family matters so I haven't been able to focus on Solus patch review. Apologies.

The patch looks good, thank you for providing it.

This revision is now accepted and ready to land. Sun, Aug 4, 4:34 PM
This revision was automatically updated to reflect the committed changes.

FYI this has been cherrypicked onto the stable repo.