
Update python-django to 2.2.4
Closed, Public

Authored by maverick1 on Aug 3 2019, 5:38 PM.

Details

Summary

Django 2.2.4 fixes security issues and several bugs in 2.2.3.

Changelog

  • Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used.
  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains null characters ('\x00').
  • Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved.

Security

  • CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator.
  • CVE-2019-14233: Denial-of-service possibility in strip_tags().
  • CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField.
  • CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri().

Test Plan

Created django project, ran server and made changes in database for previously created projects successfully.

Diff Detail

Repository
R2575 python-django
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

maverick1 added a project: Restricted Project. Aug 4 2019, 3:38 AM

Are my Differential Revisions deferred?

Just a little tip for you on getting a more readable summary:

  • Changes can be changed to Changelog: or Summarized Changelog: if you have summarized it.
  • The CVEs can be put under Security: below the Changelog.

Just a little tip, not super important though :)

Thanks @Jacalz

JoshStrobl added a subscriber: JoshStrobl.

Are my Differential Revisions deferred?

No, sorry. I've been dealing with some family matters so I haven't been able to focus on Solus patch review. Apologies.

The patch looks good, thank you for providing it.

This revision is now accepted and ready to land. Aug 4 2019, 4:34 PM
This revision was automatically updated to reflect the committed changes.

FYI this has been cherrypicked onto the stable repo.