Page MenuHomeSolus
Differential D6877

Update python-django to 2.2.4
ClosedPublic
Actions

Authored by maverick1 on Aug 3 2019, 5:38 PM.
Tags
  • Restricted Project
Referenced Files
F11052289: D6877.id16462.diff
Thu, Aug 10, 9:14 PM
F11052288: D6877.id.diff
Thu, Aug 10, 9:14 PM
F11052287: D6877.id16457.diff
Thu, Aug 10, 9:14 PM
F11046599: D6877.diff
Thu, Aug 10, 1:46 PM
F11037035: D6877.diff
Wed, Aug 9, 7:59 PM
F11010076: D6877.diff
Wed, Aug 2, 10:38 PM
F10970661: D6877.diff
Fri, Jul 21, 3:34 AM
F10965526: D6877.id16462.diff
Wed, Jul 19, 10:06 PM
View All 17 Files
Subscribers
Jacalz
JoshStrobl
Tokens
"Like" token, awarded by Jacalz.

Details

Reviewers
JoshStrobl
Group Reviewers
Triage Team
Commits
R2575:c12001f699b1: Update python-django to 2.2.4
Summary

Django 2.2.4 fixes security issues and several bugs in 2.2.3.

Changelog

  • Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used.
  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00').
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved .

Security

  • CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator.
  • CVE-2019-14233: Denial-of-service possibility in strip_tags().
  • CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField.
  • CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri().
Test Plan

Created django project, ran server and made changes in database for previously created projects successfully.

Diff Detail

Repository
R2575 python-django
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

maverick1 created this revision.Aug 3 2019, 5:38 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptAug 3 2019, 5:38 PM
maverick1 requested review of this revision.Aug 3 2019, 5:38 PM
maverick1 edited the summary of this revision. (Show Details)Aug 3 2019, 5:38 PM
maverick1 added a project: Restricted Project.Aug 4 2019, 3:38 AM

Are my Differential Revisions deferred?

Jacalz added a subscriber: Jacalz.Aug 4 2019, 3:43 PM

Just a little tip for you on getting a more readable summary:

  • Changes can be changed to Changelog: or Summarized Changelog: if you have summarized it.
  • The CVEs can be put under Security: below the Changelog.

Just a little tip, not super important though :)

maverick1 edited the summary of this revision. (Show Details)Aug 4 2019, 4:06 PM
In D6877#108588, @Jacalz wrote:

Just a little tip for you on getting a more readable summary:

  • Changes can be changed to Changelog: or Summarized Changelog: if you have summarized it.
  • The CVEs can be put under Security: below the Changelog.

Just a little tip, not super important though :)

Thanks @Jacalz

Jacalz awarded a token.Aug 4 2019, 4:08 PM
JoshStrobl accepted this revision.Aug 4 2019, 4:34 PM
JoshStrobl added a subscriber: JoshStrobl.
In D6877#108572, @maverick1 wrote:

Are my Differential Revisions deferred?

No, sorry. I've been dealing with some family matters so I haven't been able to focus on Solus patch review. Apologies.

The patch looks good, thank you for providing it.

This revision is now accepted and ready to land.Aug 4 2019, 4:34 PM
Closed by commit R2575:c12001f699b1: Update python-django to 2.2.4 (authored by maverick1, committed by JoshStrobl). · Explain WhyAug 4 2019, 4:35 PM
This revision was automatically updated to reflect the committed changes.
JoshStrobl added a comment.Aug 4 2019, 4:51 PM

FYI this has been cherrypicked onto the stable repo.

maverick1 added a comment.Aug 4 2019, 7:14 PM

@JoshStrobl Thanks Josh!

Revision Contents
Changeset List

PathSize
6 lines
20 lines

Diff 16462

View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.