* Thu Feb 23 2023 Matej Cepl <mcepl@suse.com>
- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
bsc#1208082) to prevent DOS in file uploads.
* Fri Apr 03 2020 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.12:
* Added the ability to handle .po files containing different plural
equations for the same language (#30439).
* Wed Mar 18 2020 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.11
* fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance
parameter in GIS functions and aggregates on Oracle
* Tue Feb 04 2020 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.10
- drop pyyaml53.patch
* fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)``
* Wed Jan 15 2020 Ondřej Súkup <mimi.vx@gmail.com>
- add pyyaml53.patch - fix tests with PyYAML 5.3
* Sun Dec 29 2019 Ondřej Súkup <mimi.vx@gmail.com>
- Update to 2.2.9
* CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447)
* Fixed a data loss possibility in SplitArrayField.
* Fri Nov 15 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.7:
* Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
* Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
* Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
* Restored the ability to override get_FOO_display() (#30931).
* Fri Nov 15 2019 Tomáš Chvátal <tchvatal@suse.com>
- Require full python interpreter on build and runtime
* Mon Oct 07 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.6:
* Fixed migrations crash on SQLite when altering a model
containing partial indexes (#30754).
* Fixed a regression in Django 2.2.4 that caused a crash when
filtering with a Subquery() annotation of a queryset containing
JSONField or HStoreField (#30769).
* Mon Sep 16 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.5:
* Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673).
* Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
* Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449).
* Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500).
* Thu Aug 01 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.4:
* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
* Thu Jul 18 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.3:
* CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶
* Mon Jun 03 2019 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.2
* Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
* Fixes CVE-2019-11358: Prototype pollution
* Tue May 07 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update keyring file
Version: 2.2.28-bp153.2.3.1
* Tue Oct 04 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2022-41323.patch (bsc#1203793, CVE-2022-41323)
* Backport fix and tests from uptream branch 3.2.X
- Add test_custom_fields.patch
* Required to fix an inspectdb test
* Mon Aug 08 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2022-36359.patch (CVE-2022-36359, bsc#1201923)
* Backport fix and tests from uptream branch 3.2.X
- Rename Django-2.2.28.tar.gz.asc to Django-2.2.28.checksum.txt
* The source validator try to validate the signature agains
Django-2.2.28.tar.gz, instead of the checksum message itself
* Mon Apr 11 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Update to 2.2.28 (bsc#1198297)
* Many CVEs fixes (check https://github.com/django/django/blob/main/docs/releases/)
Version: 2.2.12-bp152.1.3
* Fri Apr 03 2020 Tomá? Chvátal <tchvatal@suse.com>
- Update to 2.2.12:
* Added the ability to handle .po files containing different plural
equations for the same language (#30439).
* Wed Mar 18 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2.11
* fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance
parameter in GIS functions and aggregates on Oracle
* Tue Feb 04 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2.10
- drop pyyaml53.patch
* fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)``
* Wed Jan 15 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- add pyyaml53.patch - fix tests with PyYAML 5.3
* Sun Dec 29 2019 Ond?ej Súkup <mimi.vx@gmail.com>
- Update to 2.2.9
* CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447)
* Fixed a data loss possibility in SplitArrayField.
Version: 2.2.1-bp151.2.2
* Tue May 07 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update keyring file
* Mon May 06 2019 Alberto Planas Dominguez <aplanas@suse.com>
- Update to 2.2.1
* Fixed a regression in Django 2.1 that caused the incorrect quoting
of database user password when using dbshell on Oracle (#30307).
* Added compatibility for psycopg2 2.8 (#30331).
* Fixed a regression in Django 2.2 that caused a crash when loading
the template for the technical 500 debug page (#30324).
* Fixed crash of ordering argument in ArrayAgg and StringAgg when it
contains an expression with params (#30332).
* Fixed a regression in Django 2.2 that caused a single instance
fast-delete to not set the primary key to None (#30330).
* Prevented makemigrations from generating infinite migrations for
check constraints and partial indexes when condition contains a
range object (#30350). Reverted an optimization in Django 2.2
(#29725) that caused the inconsistent behavior of count() and
exists() on a reverse many-to-many relationship with a custom
manager (#30325).
* Fixed a regression in Django 2.2 where Paginator crashes if
object_list is a queryset ordered or aggregated over a nested
JSONField key transform (#30335).
* Fixed a regression in Django 2.2 where IntegerField validation of
database limits crashes if limit_value attribute in a custom
validator is callable (#30328).
* Fixed a regression in Django 2.2 where SearchVector generates SQL
that is not indexable (#30385).
* Fixed a regression in Django 2.2 that caused an exception to be
raised when a custom error handler could not be imported (#30318).
* Relaxed the system check added in Django 2.2 for the admin app’s
dependencies to reallow use of SessionMiddleware subclasses,
rather than requiring django.contrib.sessions to be in
INSTALLED_APPS (#30312).
* Increased the default timeout when using Watchman to 5 seconds to
prevent falling back to StatReloader on larger projects and made
it customizable via the DJANGO_WATCHMAN_TIMEOUT environment
variable (#30361).
* Fixed a regression in Django 2.2 that caused a crash when
migrating permissions for proxy models if the target permissions
already existed. For example, when a permission had been created
manually or a model had been migrated from concrete to proxy
(#30351).
* Fixed a regression in Django 2.2 that caused a crash of runserver
when URLConf modules raised exceptions (#30323).
* Fixed a regression in Django 2.2 where changes were not reliably
detected by auto-reloader when using StatReloader (#30323).
* Fixed a migration crash on Oracle and PostgreSQL when adding a
check constraint with a contains, startswith, or endswith lookup
(or their case-insensitive variant) (#30408).
* Fixed a migration crash on Oracle and SQLite when adding a check
constraint with condition contains | (OR) operator (#30412).
* Wed Apr 10 2019 John Vandenberg <jayvdb@gmail.com>
- Add test_clear_site_cache-sort.patch to workaround flaky test
- Add bcond_with for selenium and memcached, as those tests are inactive,
and add missing dependencies and setup for selenium testing
- Move removal of executable bit from a JavaScript file to %prep
- Fix fdupes
* Wed Apr 03 2019 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2
- drop pyyaml5.patch
- add i18n_test.patch
* HttpRequest.headers to allow simple access to a request?s headers.
* Database-level constraints on models.
* Watchman compatibility for runserver to improve the performance
* Sat Mar 23 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patch to build with PyYAML >5:
* pyyaml5.patch
* Tue Feb 12 2019 Thomas Bechtold <tbechtold@suse.com>
- update to 2.1.7 (CVE-2019-6975, bsc#1124991):
* Corrected packaging error from 2.1.6
* Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() ? used by contrib.admin as well
as the the floatformat, filesizeformat, and intcomma templates
filters ? received a Decimal with a large number of digits or a
large exponent, it could lead to significant memory usage
due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted
using scientific notation.
* Made the obj argument of InlineModelAdmin.has_add_permission() optional
to restore backwards compatibility with third-party code that doesn?t
provide it
* Thu Jan 10 2019 Thomas Bechtold <tbechtold@suse.com>
- update to 2.1.5 (CVE-2019-3498, bsc#1120932):
* CVE-2019-3498: Content spoofing possibility in the default 404 page
* Fixed compatibility with mysqlclient 1.3.14 (#30013).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop
and rebuild your SQLite database if you applied a migration while using
an older version of Django with SQLite 3.26 or later (#29182).
* Prevented SQLite schema alterations while foreign key checks are enabled
to avoid the possibility of schema corruption (#30023).
* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
where request body data isn?t properly consumed for such
connections (#30015).
* Fixed a regression in Django 2.1.4 where
InlineModelAdmin.has_change_permission() is incorrectly called with
a non-None obj argument during an object add (#30050).
* Mon Dec 10 2018 Ond?ej Súkup <mimi.vx@gmail.com>
- Update to version 2.1.4
* Corrected the default password list that CommonPasswordValidator uses
by lowercasing all passwords to match the format expected by the validator
* Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in
an attempt to fix a random crash involving LooseVersion
* Fixed keep-alive support in runserver after it was disabled o 2.0
* Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields
* Fixed ?Please correct the errors below? error message when editing an object
in the admin if the user only has the ?view? permission on inlines
* Fixed a regression in Django 2.0 where combining Q objects with __in lookups
and lists crashed
* Fixed a regression in Django 2.0 where test databases aren?t reused
with manage.py test --keepdb on MySQL
* Fixed a regression where cached foreign keys that use to_field were
incorrectly cleared in Model.save()
* Fixed a regression in Django 2.0 where FileSystemStorage crashes
with FileExistsError if concurrent saves try to create the same directory
* Thu Oct 04 2018 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 2.1.2
* CVE-2018-16984: Password hash disclosure to ?view only? admin
users
* Fixed a regression where nonexistent joins in F() no longer raised
FieldError (#29727).
* Fixed a regression where files starting with a tilde or underscore
weren?t ignored by the migrations loader (#29749).
* Made migrations detect changes to Meta.default_related_name
(#29755).
* Added compatibility for cx_Oracle 7 (#29759).
* Fixed a regression in Django 2.0 where unique index names weren?t
quoted (#29778).
* Fixed a regression where sliced queries with multiple columns with
the same name crashed on Oracle 12.1 (#29630).
* Fixed a crash when a user with the view (but not change)
permission made a POST request to an admin user change form
(#29809).
* Tue Sep 18 2018 Mat?j Cepl <mcepl@suse.com>
- Switch of BR selenium for non-Intel platforms.
* Tue Sep 04 2018 Ond?ej Súkup <mimi.vx@gmail.com>
- update to version 2.1.1
- drop django-urlencode.patch
* Fixed a race condition in QuerySet.update_or_create() that could result
in data loss
* Fixed a regression where QueryDict.urlencode() crashed if the dictionary
contains a non-string value
* Fixed a regression in Django 2.0 where using manage.py test --keepdb fails
on PostgreSQL if the database exists and the user doesn?t have permission
to create databases
* Fixed a regression in Django 2.0 where combining Q objects with __in
lookups and lists crashed
* Fixed translation failure of DurationField?s ?overflow? error message
* Fixed a regression where the admin change form crashed if the user doesn?t
have the ?add? permission to a model that uses TabularInline
* Fixed a regression where a related_query_name reverse accessor wasn?t
set up when a GenericRelation is declared on an abstract base model
* Fixed the test client?s JSON serialization of a request data dictionary
for structured content type suffixes
* Made the admin change view redirect to the changelist view after a POST
if the user has the ?view? permission
* Fixed admin change view crash for view-only users if the form
has an extra form field
* Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list()
after combining querysets with extra() with union(), difference(),
or intersection() crashed due to mismatching columns
* Tue Aug 14 2018 tchvatal@suse.com
- Apply patch to fix urlencode nonstring values:
* django-urlencode.patch
* Wed Aug 08 2018 tchvatal@suse.com
- Enable testsuite
* Wed Aug 08 2018 mimi.vx@gmail.com
- update to version 2.1
- move bash completion to right location
- for full chanfges please see https://docs.djangoproject.com/en/2.1/releases/2.1/
* Dropped support for MySQL 5.5
* Dropped support for PostgreSQL 9.3
* Support for SpatiaLite 4.0 is removed
* Support for SQLite < 3.7.15 is removed.
* Mon Jul 02 2018 aplanas@suse.com
- update to version 2.0.7:
* Fixed admin changelist crash when using a query expression without
asc() or desc() in the page?s ordering (#29428).
* Fixed admin check crash when using a query expression in
ModelAdmin.ordering (#29428).
* Fixed __regex and __iregex lookups with MySQL 8 (#29451).
* Fixed migrations crash with namespace packages on Python 3.7
(#28814).
- update to version 2.0.6
* Fixed a regression that broke custom template filters that use
decorators (#29400).
* Fixed detection of custom URL converters in included patterns
(#29415).
* Fixed a regression that added an unnecessary subquery to the GROUP
BY clause on MySQL when using a RawSQL annotation (#29416).
* Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS
3.6.1+ (#29460).
* Fixed a regression in Django 1.10 that could result in large
memory usage when making edits using ModelAdmin.list_editable
(#28462).
- update to version 2.0.5
* Corrected the import paths that inspectdb generates for
django.contrib.postgres fields (#29307).
* Fixed a regression in Django 1.11.8 where altering a field with a
unique constraint may drop and rebuild more foreign keys than
necessary (#29193).
* Fixed crashes in django.contrib.admindocs when a view is a
callable object, such as django.contrib.syndication.views.Feed
(#29296).
* Fixed a regression in Django 1.11.12 where QuerySet.values() or
values_list() after combining an annotated and unannotated
queryset with union(), difference(), or intersection() crashed due
to mismatching columns (#29286).
Version: 2.0.4-bp150.2.4
* Sat Apr 07 2018 tbechtold@suse.com
- update to version 2.0.4:
* Fixed #29265 -- Removed the suggestion to hardcode static URLs.
* Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
* Fixed #29195 -- Fixed Exists.output_field resolution on single-valued queries.
* Fixed links to Sphinx docs.
* Fixed typo in docs/releases/2.0.4.txt.
* Clarified docs about ISO 8601 week numbering.
* Fixed #29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID.
* Added CVE-2018-7536,7 to the security release archive.
* Fixed #29221 -- Corrected admin's autocomplete widget to add a space after custom classes.
* Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets.
* Added a pagination example to ListView docs.
* Fixed #28514 -- Clarifed docs about idempotence of RelatedManager.add().
* isorted import statements in tutorial example.
* Fixed #29192 -- Corrected docs regarding overriding fields from abstract base classes.
* Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations.
* Added stub release notes for 1.11.12.
* Fixed #29165 -- Clarified how to load initial data with migrations.
* Fixed #29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant.
* Reverted "Expanded docs for AbstractBaseUser.has_usable_password()."
* Fixed typo in docs/releases/2.0.4/1.11.12.txt.
* Bumped version for 2.0.4 release.
* Fixed #29250 -- Added 'django_version' context to startapp/project docs.
* Added release date for 2.0.4 and 1.11.12.
* Post-release version bump.
* Clarified a sentence in docs/topics/i18n/translation.txt.
* Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection().
* Added stub release notes for 2.0.4.
* Fixed a couple mistakes in docs/ref/forms/widgets.txt.
* Fixed #28655 -- Added more examples for customizing widgets in a form.
* Mon Mar 19 2018 tbechtold@suse.com
- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
* Fixed #29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
* Added CVE-2018-6188 to the security release archive.
* Post-release version bump.
* Updated translations from Transifex
* Added stub release notes for security releases.
* Fixed incorrect regex in re_path() example.
* Fixed #29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
* Fixed #29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
* Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
* Fixed typo in bulk_create() documentation.
* Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
* Removed blank lines per isort 4.3.0.
* Added stub release notes for 2.0.3.
* Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
* Fixed #29172 -- Fixed crash with Window expression in a subquery.
* Fixed #29166 -- Fixed crash in When() expression with a list argument.
* Fixed #24270 -- Doc'd that django_bash_completion is only in the source distribution.
* Improved clarity of docs/topics/install.txt.
* Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
* Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
* Bumped version for 2.0.3 release.
* Corrected doc'd type of some parameters from string to str.
* Fixed #29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
* Fixed #29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
* Switched test requirement to new psycopg2-binary package.
* Added backticks around obj argument in admin docs.
* Fixed typo in docs/topics/forms/media.txt.
* Fixed #29109 -- Fixed the admin time picker widget for the Thai locale.
* Fixed #29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
* Wed Feb 07 2018 tbechtold@suse.com
- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
* Fixed #28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
* Fixed a GeoIP2 test failure with the latest GeoIP2 database.
* Added stub release notes for 2.0.1.
* Bumped version for 2.0.2 release.
* Fixed location of spatialite_source label.
* Fixed #28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
* Fixed #28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
* Fixed #29032 -- Fixed an example of using expressions in QuerySet.values().
* Disambiguated "settings" in SpatiaLite note.
* Fixed typo in docs/topics/testing/advanced.txt.
* Post-release version bump.
* Refs #25604 -- Removed docs for makemigrations --exit.
* Fixed #29002 -- Corrected cached template loader docs about when it's automatically enabled.
* Fixed typo in TemplateCommand argument help text.
* Added stub release notes for 1.11.9.
* Fixed #28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
* Refs #29086 -- Doc'd how to detect bytestring mistakes.
* Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs.
* Fixed #29081 -- Clarified comments in QuerySet.select_related() example.
* Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
* Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
* Removed 'development' word in contributing docs
* Fixed #29055 -- Doc'd that escapejs doesn't make template literals safe.
* Fixed #29016 -- Fixed incorrect foreign key nullification on related instance deletion.
* Fixed grammar in docs/releases/2.0.txt.
* Fixed #29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
* Fixed #28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
* Fixed #29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
* Fixed #28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
* Fixed #28896 -- Reallowed filtering a queryset with GeometryField=None.
* Fixed #28891 -- Documented Origin's loader attribute.
* Confirmed support for PostGIS 2.4.
* Wrapped an import per isort.
* Added release date for 2.0.1 and 1.11.9.
* Fixed #28884 -- Fixed crash on SQLite when renaming a field in a model referenced by a ManyToManyField.
* Fixed "template tag" spelling in docs.
* Fixed #28947 -- Fixed crash when coercing a translatable URL pattern to str.
* Fixed typo in docs/topics/i18n/translation.txt.
* Refs #28932 -- Skipped the failing test for refs #28915 on Oracle.
* Refs #25181 -- Updated timezone.now() docs about obtaining the time in the current time zone.
* Updated documented mysqlclient requirement to 1.3.7.
* Fixed #28885 -- Fixed hidden content at the bottom of the "The install worked successfully!" page for some languages.
* Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
* Fixed #29067 -- Fixed regression in QuerySet.values_list(..., flat=True) followed by annotate().
* Removed note in tutorial about bypassing manage.py.
* Fixed #28929 -- Corrected QUnit examples.
* Refs #28958 -- Added a test for ModelAdmin with query expressions in ordering.
* Updated various links in docs to use HTTPS.
* Expanded docs for AbstractBaseUser.has_usable_password().
* Fixed #29017 -- Updated BaseCommand.leave_locale_alone doc per refs #24073.
* Doc'd specifying the ENGINE setting as part of configuring contrib.gis.
* Added stub release notes for 1.11.10.
* Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase.
* Fixed #28784 -- Clarified how migrate --fake works.
* Fixed typo in docs/ref/models/expressions.txt.
* Fixed #29094 -- Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields.
* Refs #28876 -- Fixed incorrect foreign key constraint name for models with quoted db_table.
* Bumped version for 2.0.1 release.
* Fixed #25277 -- Restored test dependency to the original python-memcached.
* Fixed #28761 -- Documented how an inline formset's prefix works.
* Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
* Fixed #28966 -- Doc'd that the uuid URL path converter requires dashes
* Fixed #29054 -- Fixed a regression where a queryset that annotates with geometry objects crashes.
* Reverted "[1.11.x] Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI."
* Added "Python 3 Only" trove classifier.
* Fixed #28941 -- Fixed crash in testserver command startup.
* Fixed import in docs/ref/models/conditional-expressions.txt example.
* Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
* Fixed #28594 -- Removed Jython docs and specific code
* Renamed the "Supported versions" label.
* Fixed #28878 -- Added python_requires in setup.py and a warning for older pips that don't recognize it.
* Fixed typo in docs/ref/contrib/admin/index.txt.
* Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
* Added stub release notes for 2.0.2.
* Fixed #28938 -- Corrected Python compatibility in the tutorial.
* Fixed #28890 -- Removed newlines between MultiWidget's subwidgets.
* Tue Dec 12 2017 mimi.vx@gmail.com
- update to 2.0
* drop python 2 support
* Simplified URL routing syntax
* Mobile-friendly contrib.admin
* Window expressions
* Removed support for bytestrings in some places
* Dropped support for Oracle 11.2
- Please read Release Notes - https://docs.djangoproject.com/en/2.0/releases/2.0/
* Tue Dec 12 2017 tbechtold@suse.com
- update to 1.11.8:
* Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
* Fixed #28856 -- Fixed a regression in caching of a GenericForeignKey
pointing to a MTI model.
* Fixed #28597 -- Fixed crash with the name of a model's autogenerated primary
key in an Index's fields.
* Added stub release notes for 1.11.7.
* Fixed #28305 -- Fixed "Cannot change column 'x': used in a foreign key constraint"
crash on MySQL with a sequence of AlterField or RenameField operations.
* Fixed #28689 -- Fixed unquoted table names in Subquery SQL when using OuterRef.
* Added assertion helpers for PostgreSQL's server-side cursor tests.
* Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs.
* Fixed #28786 -- Doc'd middleware ordering considerations due to
CommonMiddleware setting Content-Length.
* Added release date for 1.11.8.
* Fixed #28702 -- Made query lookups for CIText fields use citext.
* Added 2017-12794 to the security release archive.
* Fixed typo in docs/topics/cache.txt.
* Bumped version for 1.11.6 release.
* Added release date for 1.11.6.
* Fixed #28648 -- Corrected typo in docs/topics/db/queries.txt.
* Bumped version for 1.11.7 release.
* Added stub release notes for 1.11.8.
* Fixed #28848 -- Fixed SQLite/MySQL crash when ordering by a filtered
subquery that uses nulls_first/nulls_last.
* Fixed typo in docs/topics/db/aggregation.txt.
* Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
* Fixed typo in docs/topics/forms/media.txt.
* Bumped version for 1.11.8 release.
* Fixed typo in docs/ref/models/querysets.txt.
* Fixed test failures due to ordering differences on PostgreSQL 10.
* Fixed #28710 -- Fixed the Basque DATE_FORMAT string
* Added stub release notes for 1.11.6.
* Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
* Fixed #28817 -- Made QuerySet.iterator() use server-side cursors after
values() and values_list().
* Post-release version bump.
* Fixed #28792 -- Fixed index name truncation of namespaced tables.
* Fixed #28781 -- Added QuerySet.values()/values_list() support for union(),
difference(), and intersection().
* Fixed #28722 -- Made QuerySet.reverse() affect nulls_first/nulls_last.
* Refs #28710 -- Simplified l10n format test
* Initialized CsrfViewMiddleware once in csrf_tests.
* Added release date for 1.11.7.
* Linked to prefetch_related_objects func in DB optimization docs.
* Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user
error when using ModelBackend.
* Fixed #28653 -- Added missing ForeignKey.on_delete argument in docs.
* Fixed #28561 -- Removed inaccurate docs about QuerySet.order_by() and joins.
* Fixed #28555 -- Made CharField convert whitespace-only values to the
empty_value when strip is enabled.
* Fixed #28601 -- Prevented cache.get_or_set() from caching None if default
is a callable that returns None.
* Wed Sep 20 2017 toddrme2178@gmail.com
- update to version 1.11.5
* CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
* Fixed GEOS version parsing if the version has a commit hash at the end (new
in GEOS 3.6.2) (:ticket:`28441`).
* Added compatibility for ``cx_Oracle`` 6 (:ticket:`28498`).
* Fixed select widget rendering when option values are tuples (:ticket:`28502`).
* Django 1.11 inadvertently changed the sequence and trigger naming scheme on
Oracle. This causes errors on INSERTs for some tables if
``'use_returning_into': False`` is in the ``OPTIONS`` part of ``DATABASES``.
The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
upgrade script in :ticket:`28451` comment 8 to update sequence and trigger
names to use the pre-1.11 naming scheme.
* Added POST request support to ``LogoutView``, for equivalence with the
function-based ``logout()`` view (:ticket:`28513`).
* Omitted ``pages_per_range`` from ``BrinIndex.deconstruct()`` if it's ``None``
(:ticket:`25809`).
* Fixed a regression where ``SelectDateWidget`` localized the years in the
select box (:ticket:`28530`).
* Fixed a regression in 1.11.4 where ``runserver`` crashed with non-Unicode
system encodings on Python 2 + Windows (:ticket:`28487`).
* Fixed a regression in Django 1.10 where changes to a ``ManyToManyField``
weren't logged in the admin change history (:ticket:`27998`) and prevented
``ManyToManyField`` initial data in model forms from being affected by
subsequent model changes (:ticket:`28543`).
* Fixed non-deterministic results or an ``AssertionError`` crash in some
queries with multiple joins (:ticket:`26522`).
* Fixed a regression in ``contrib.auth``'s ``login()`` and ``logout()`` views
where they ignored positional arguments (:ticket:`28550`).
* Thu Aug 10 2017 tbechtold@suse.com
- update to version 1.11.4:
* Fixed #27939 -- Updated OpenLayersWidget.map_srid for OpenLayers 3.
* Fixed #27956 -- Fixed display of errors in an {% extends %} child.
* Updated various links in docs to avoid redirects
* Fixed typo in docs/topics/auth/default.txt.
* Double quoted HTML attributes in widget docs
* Fixed #28303 -- Prevented localization of attribute values in the DTL attrs.html widget template.
* Added stub release notes for 1.11.3.
* Documented OSMWidget.default_lat/lon.
* Fixed #28101 -- Fixed a regression with nested __in subquery lookups and to_field.
* Bumped version for 1.11.4 release.
* Bumped version for 1.11.3 release.
* Updated translations from Transifex
* Fixed #28039 -- Fixed crash in BaseGeometryWidget.subwidgets().
* Fixed #28242 -- Moved ImageField file extension validation to the form field.
* Made docs/topics/migrations.txt use single quotes consistently.
* Fixed #28355 -- Fixed widget rendering of non-ASCII date/time formats on Python 2.
* Updated name of topics/db/queries link on index.
* Fixed #28025 -- Fixed typo in docs/ref/models/querysets.txt.
* Fixed #28043 -- Prevented AddIndex and RemoveIndex from mutating model state.
* Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
* Fixed #28361 -- Fixed possible time-related failure in was_published_recently() tutorial test.
* Fixed #28265 -- Prevented renderer warning on Widget.render() with **kwargs.
* Fixed typo in docs/topics/testing/advanced.txt.
* Fixed #28125 -- Clarified 1.11 release note about Template.render() prohibiting non-dict context.
* Refs #18974 -- Added stacklevel for permalink() deprecation.
* Fixed #28350 -- Fixed UnboundLocalError crash in RenameField with nonexistent field.
* Fixed #28051 -- Made migrations respect Index's name argument.
* Fixed #28420 -- Doc'd 'is' comparison restriction for User.is_authenticated/anonymous.
* Added release date for 1.11.4.
* Refs #28174 -- Fixed autoreload test crash on Python 2/non-ASCII path.
* Fixed #28389 -- Fixed pickling of LazyObject on Python 2 when wrapped object doesn't have __reduce__().
* Fixed #28148 -- Doc'd ImageField name validation concerns with the test client.
* Added stub release notes for 1.11.2.
* Fixed #27890 -- Fixed FileNotFoundError cleanup exception in runtests.py on Python 3.6+.
* Fixed #28138 -- Used output type handler instead of numbersAsStrings on Oracle cursor.
* Fixed widgets module path in docs/ref/contrib/gis/forms-api.txt.
* Fixed #27947 -- Doc'd that model Field.error_messages often don't propagate to forms.
* Fixed #28067 -- Clarified __str__() return type when using python_2_unicode_compatible().
* Fixed docstring typo in django/contrib/admin/actions.py.
* Fixed #28102 -- Doc'd how to compute path to built-in widget template directories.
* Fixed #28352 -- Corrected QuerySet.values_list() return type in docs examples.
* Fixed #28181 -- Added detection for GDAL 2.1 and 2.0.
* Refs #23853 -- Updated sql.query.Query.join() docstring.
* Added a test for Model._meta._property_names.
* Refs #27919 -- Changed Widget.get_context() attrs kwarg to an arg.
* Fixed #28415 -- Clarified what characters ASCII/UnicodeUsernameValidator accept.
* Fixed #28074 -- Doc'd template-based widget rendering changes for contrib.gis.
* Fixed #28278 -- Fixed invalid HTML for a required AdminFileWidget.
* Added content_type filtering in Permission querying example.
* Corrected FileExtensionValidator doc regarding the value being validated.
* Fixed #27960 -- Set errcheck=False for GDALAllRegister to prevent crash.
* Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
* Fixed #27969 -- Fixed models.Field.formfield() setting 'disabled' for fields with choices.
* Post-release version bump.
* Fixed #28298 -- Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False.
* Refs #28192 -- Fixed documentation of ChoiceField choices requirement
* Fixed #27966 -- Bumped required psycopg2 version to 2.5.4.
* Linked GIS QuerySet API docs to corresponding PostGIS docs.
* Fixed #27974 -- Kept resolved templates constant during one rendering cycle.
* Refs #28100 -- Fixed URL in el, es_MX, and pt auth translations
* Fixed typo in docs/ref/request-response.txt.
* Fixed #27963 -- Removed unneeded docstring example in contributing docs.
* Added stub release notes for security releases.
* Fixed #28349 -- Doc'd how to upgrade Django from LTS to LTS.
* Fixed typo in docs/ref/forms/fields.txt.
* Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
* Fixed #28170 -- Fixed file_move_safe() crash when moving files to a CIFS mount.
* Fixed broken links to Oracle docs.
* Fixed #27554 -- Fixed prefetch_related() crash when fetching relations in nested Prefetches.
* Added links and cosmetic edits to docs/ref/request-response.txt.
* Added stub release notes for 1.11.1.
* Fixed #28079 -- Restored "No POST data" (rather than an empty table) in HTML debug page.
* Removed incorrect "required" attribute in docs/ref/forms/fields.txt.
* Fixed #28176 -- Restored the uncasted option value in ChoiceWidget template context.
* Refs #24423 -- Readded inadvertently deleted i18n tests.
* Fixed #27965 -- Fixed precision comparison in a geoforms test (refs #27939).
* Corrected post-release version bump.
* Made runtests.py run gis_tests only when using a GIS database backend.
* Fixed #28230 -- Allowed DjangoJsonEncoder to serialize CallableBool.
* Fixed broken link to QUnit docs.
* Removed MySQL (unsupported) from Perimeter docs.
* Fixed #28266 -- Fixed typo in docs/ref/models/instances.txt.
* Fixed #28139 -- Added another level of headings in the topics index.
* Fixed #28003 -- Doc'd what an auto-created OneToOneField parent_link looks like.
* Fixed #28160 -- Prevented hiding GDAL exceptions when it's not installed.
* Updated man page for Django 1.11.
* Fixed #27988 -- Fixed typo in docs/ref/django-admin.txt.
* Fixed #28199 -- Fixed Subquery generating unnecessary/invalid CAST.
* Fixed #28122 -- Fixed crash when overriding views.static.directory_index()'s template.
* Fixed AppRegistryNotReady error when running gis_tests in isolation on PostGIS.
* Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
* Fixed #28040 -- Updated SplitArrayWidget to use template-based widget rendering.
* Fixed #28269 -- Fixed Model.__init__() crash on models with a field that has an instance only descriptor.
* Tested EmailMessage(attachments=[MIMEText])
* Clarified return value of NumGeometries GIS function.
* Refs #27935 -- Fixed BrinIndex.max_name_length if a project's default database isn't PostgreSQL.
* Fixed #28058 -- Restored empty BoundFields evaluating to True.
* Replaced "not A== B" with "A != B" in docs/howto/writing-migrations.txt.
* Added CVE-2017-7233,4 to the security release archive.
* Fixed #28204 -- Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if InvalidPage message contains non-ASCII.
* Fixed #27935 -- Fixed crash with BrinIndex name > 30 characters.
* Fixed #28293 -- Fixed union(), intersection(), and difference() when combining with an EmptyQuerySet.
* Fixed #28222 -- Allowed settable properties in QuerySet.update_or_create()/get_or_create() defaults.
* Refs #27556, #27488 -- Updated support backends docs for isvalid lookup.
* Fixed nondeterministic ordering test failure in model_forms.
* Fixed #28345 -- Applied limit_choices_to during ModelForm.__init__().
* Fixed #27981 -- Doc'd date/time filter l10n changes in refs #25758.
* Made a few cosmetic updates to "Migrations that add unique fields".
* Bumped version for 1.11 release.
* Fixed #28004 -- Doc'd how to create migrations for an app without a migrations directory.
* Fixed #28202 -- Fixed FieldListFilter.get_queryset() crash on invalid input.
* Fixed #27949 -- Doc'd how OpenLayers 3 widgets work.
* Pass type to sql_alter_column_* where it was missing.
* Fixed #27866 -- Made ChoiceWidget.format_value() return a list
* Fixed #28308 -- Doc'd removal of Select.render_option() (refs #15667).
* Fixed #28178 -- Changed contrib.gis to raise ImproperlyConfigured if gdal isn't installed.
* Fixed #28284 -- Prevented Paginator's unordered object list warning from evaluating a QuerySet.
* Fixed #28209 -- Made date-based generic views return a 404 rather than crash when given an out of range date.
* Fixed #28161 -- Fixed return type of ArrayField(CITextField()).
* Corrected docs regarding MySQL support of Length GIS function.
* Fixed #28175 -- Fixed __in lookups on a foreign key when using the foreign key's parent model as the lookup value.
* Refs #18247 -- Fixed SQLite QuerySet filtering on decimal result of Least and Greatest.
* Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
* Fixed #27644 -- Doc'd FileSystemStorage.get_created_time().
* Added test for intersection() when combining with a queryset raising EmptyResultSet.
* Fixed #28197 -- Fixed introspection of index field ordering on PostgreSQL.
* Removed extra characters in docs header underlines.
* Fixed GEOSGeometry reference in GIS tutorial.
* Refs #28066 -- Fixed Python 2 failures in sessions_tests.
* Removed obsolete Widget.format_output() in tests.
* Fixed #28059 -- Restored class attribute in <ul> of widgets that use multiple_input.html.
* Fixed typo in docs/ref/contrib/postgres/fields.txt.
* Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6.
* Fixed #28031 -- Removed notes about old uWSGI/sentry versions (refs #20537).
* Removed unexpected initial attribute in data migration examples.
* Renamed "Mac OS X" to "macOS" in docs.
* Sorted imports per isort 4.2.9.
* Refs #28138 -- Added release notes for d52577b62b3138674807ac74251fab7faed48331.
* Back to the future.
* Fixed #27993 -- Fixed model form default fallback for SelectMultiple.
* Refs #27866 -- Adapted backport for Python 2 compatibility
* Removed unused links in docs/internals/contributing/triaging-tickets.txt.
* Clarified QuerySet.iterator()'s docs on server-side cursors.
* Fixed #28096 -- Allowed prefetch calls with ModelIterable subclasses
* Fixed #28414 -- Fixed ClearableFileInput rendering as a subwidget of MultiWidget.
* Corrected REPL example in forms docs for Python 3.
* Refs #28181 -- Corrected detection of GDAL 2.1 on Windows.
* Fixed #28075 -- Prevented ChoiceWidget from localizing option values.
* Fixed #28282 -- Fixed class-based indexes name for models that only inherit Model.
* Fixed #28038 -- Restored casting to text of builtin lookups on PostgreSQL.
* Fixed #28418 -- Fixed queryset crash when using a GenericRelation to a proxy model.
* Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
* Fixed #28105 -- Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs.
* Refs #28160 -- Skipped a GeoManager test if not using a GIS database backend.
* Fixed #28157 -- Fixed choice ordering in form fields with grouped and non-grouped options.
* Fixed #28095 -- Doc'd Widget.build_attrs() signature change in Django 1.11.
* Fixed a forms test after updated translations.
* Fixed 403 link in docs/ref/contrib/gis/install/spatialite.txt.
* Simplified schema.tests with assertForeignKeyExists()/assertForeignKeyNotExists().
* Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
* Fixed #28378 -- Fixed union() and difference() when combining with a queryset raising EmptyResultSet.
* Refs #28052 -- Cleaned up some indexes in schema tests.
* Fixed #28047 -- Fixed QuerySet.filter() crash when it uses the name of a OneToOneField pk.
* Added release date for 1.11.1.
* Fixed #28327 -- Removed contradictory description of mod_wsgi docs.
* Clarified "newly-introduced features" in the supported versions policy.
* Fixed docs build with Sphinx 1.6.
* Fixed #28239 -- Removed docs for a removed arg of template.Context.
* Bumped version for 1.11.2 release.
* Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.
* Updated postgis.net and gaia-gis.it links to https.
* Fixed typos in docs/topic/db/search.txt.
* Fixed #28174 -- Fixed crash in runserver's autoreload with Python 2 on Windows with non-str environment variables.
* Fixed typos in docs/howto/static-files/index.txt.
* Fixed #28294 -- Doc'd request/args/kwargs attributes of class-based views.
* Fixed #27967 -- Fixed KeyError in admin's inline form with inherited non-editable pk.
* Fixed db backend discovery in admin_scripts tests.
* Fixed outdated TIME_FORMAT in docs/ref/templates/builtins.txt.
* Fixed #26028 -- Added overriding templates howto.
* Updated was_published_recently() tutorial test to check boundary condition.
* Fix a typo in django/db/transaction.py
* Fixed #28109 -- Corrected the stack level of unordered queryset pagination warnings.
* Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
* Refs #22397 -- Removed model in test cleanup
* Fixed #28052 -- Prevented dropping Meta.indexes when changing db_index to False.
* Fixed #18485 -- Doc'd behavior of PostgreSQL when manually setting AutoField.
* Updated core translations from Transifex
* Fixed #28166 -- Fixed Model._state.db on MTI parent model after saving child model.
* Added missing import in docs/topics/db/queries.txt.
* Refs #27919 -- Passed ChoiceWidget.create_option() kwargs as expected.
* Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
* Fixed #27975 -- Fixed crash if ModelChoiceField's queryset=None.
* Added release date for 1.11.2.
* Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
* Fixed #28159 -- Fixed BaseInlineFormSet._construct_form() crash when using save_as_new.
* Removed an obsolete temporal reference in docs/faq/general.txt.
* Fixed #28042 -- Fixed crash when using a two-tuple in EmailMessage's attachments arg.
* Fixed #27945 -- Clarified that RegexValidator searches with the regex.
* Linked GIS functions docs to corresponding PostGIS docs.
* Refs #17453 -- Fixed broken link to #django IRC logs.
* Fixed gis_tests.geoapp test with incorrect geodetic coordinates.
* Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.
* Fixed #27730 -- Doc'd that template vars created outside a block can't be used in it.
* Fixed #28069 -- Moved setup_test_environment() warning in tutorial 5.
* Fixed #28130 -- Fixed formset min_num validation with initial, unchanged forms.
* Fixed #28091 -- Re-raised original exception when closing cursor cleanup fails
* Clarified backend support of Area GIS function.
* Fixed #28387 -- Fixed has_changed() for disabled form fields that subclass it.
* Fixed #27915 -- Allowed Meta.indexes to be defined in abstract models.
* Fixed #26755 -- Fixed test_middleware_classes_headers if Django source isn't writable.
* Fixed #28188 -- Fixed crash when pickling model fields.
* Fixed typo in docs/ref/models/querysets.txt.
* Pointed Dive into Python links to python3 site
* Refs #25240 -- Added ExtractWeek examples.
* Added some shell output in tutorial 2.
* Removed inappropriate highlighting in committing-code.txt.
* Fixed #28399 -- Fixed QuerySet.count() for union(), difference(), and intersection() queries.
* Fixed #28212 -- Allowed customizing the port that LiveServerTestCase uses.
* Fixed flake8 warning on Python 2.
* Clarified meaning of "Optional" in auth.models.User field docs.
* Clarified HStoreField model/form difference in 1.11 release notes.
* Removed self from method signatures in docs.
* Added stub release notes for 1.11.4.
* Updated tests after French translation update
* Fixed #27603 -- Fixed AsKML when queryset is evaluated more than once.
* Fixed #28262 -- Fixed incorrect DisallowedModelAdminLookup when a nested reverse relation is in list_filter.
* Fixed #27434 -- Doc'd how to raise a model validation error for a field not in a model form.
* Refs #21415 -- Fixed contrib.humanize translations for es_AR
* Fixed #27655 -- Added some guidelines to the coding style docs.
* Updated contrib translations from Transifex
* Removed nonexistent methods from File's docs.
* Doc'd the need to remove default ordering on Subquery aggregates.
* Fixed broken link to mysqlclient docs.
* Fixed #28210 -- Fixed Model._state.adding on MTI parent model after saving child model.
* Removed usage of deprecated sphinx.util.compat.Directive.
* Refs #28100 -- Added 1.11.1 release note for e6bfd3d751278d7cfd09af1120c4bbce509c05da.
* Fixed #28190 -- Clarifed how include/extends treat template names.
* Refs #26294 -- Fixed typo in docs/ref/django-admin.txt.
* Refs #28091 -- Fixed typo and rephrased 1.11.1 release note.
* Fixed typo in docs/ref/class-based-views/mixins-single-object.txt.
* Bumped version for 1.11.1 release.
* Added release date for 1.11.3.
* Bumped version for 1.11 release candidate 1.
* Simplified tutorial's test names and docstrings.
* Fixed typo in django/db/backends/base/schema.py comment.
* Fixed #28233 -- Used a simpler example in the aggregation "cheat sheet" docs.
- Require python-pytz and Recommend python-bcrypt
* Wed Aug 09 2017 toddrme2178@gmail.com
- Fix building on older Python versions.
* Mon Jul 10 2017 toddrme2178@gmail.com
- Fix wrong-script-interpreter rpmlint error.
* Mon May 08 2017 toddrme2178@gmail.com
- django-admin.py should be the master, not django-admin.
* Sat May 06 2017 toddrme2178@gmail.com
- Don't provide python2-django or python2-South, singlespec
packages should use correct name.
* Thu May 04 2017 toddrme2178@gmail.com
- Implement single-spec version.
* Tue Apr 04 2017 appleonkel@opensuse.org
- Update to 1.10.7
Bugfixes
* Made admin?s RelatedFieldWidgetWrapper use the wrapped widget?s
value_omitted_from_data() method (#27905)
* Fixed model form default fallback for SelectMultiple (#27993)
* Wed Mar 01 2017 appleonkel@opensuse.org
- Update to 1.10.6
Bugfixes
* Fixed ClearableFileInput?s ?Clear? checkbox on model form fields where the
model field has a default
* Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than
generating a bad request response
* Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or
IntegerField from DateField
* Fixed query expression date subtraction accuracy on PostgreSQL for differences
large an a month
* Fixed a GDALException raised by GDALClose on GDAL >= 2.0
* Tue Jan 31 2017 michal@cihar.com
- Update to 1.10.5
* See https://docs.djangoproject.com/en/1.10/releases/1.10/
* Full text search for PostgreSQL
* New-style middleware
* Official support for Unicode usernames
* Fri Dec 02 2016 appleonkel@opensuse.org
- Update to 1.9.12
Bugfixes
* Quoted the Oracle test user?s password in queries to fix the ?ORA-00922: missing
or invalid option? error when the password starts with a number or
special character (#27420)
* DNS rebinding vulnerability when DEBUG=True
* CSRF protection bypass on a site with Google Analytics
Version: 1.9.9-2.1
* Sat Sep 24 2016 sbahling@suse.com
- Change Requires: python-Pillow to python-imaging for compatibility
with SLE-12 which provides PIL instead of Pillow.
* Tue Aug 09 2016 aplanas@suse.com
- Update to 1.9.9
Bugfixes
* Fixed invalid HTML in template postmortem on the debug page
(#26938).
* Fixed some GIS database function crashes on MySQL 5.7 (#26657).
- Update to 1.9.8
Fix XSS in admin?s add/change related popup (bsc#988420)
Unsafe usage of JavaScript?s Element.innerHTML could result in XSS
in the admin?s add/change related popup. Element.textContent is now
used to prevent execution of the data.
The debug view also used innerHTML. Although a security issue wasn?t
identified there, out of an abundance of caution it?s also updated
to use textContent.
Bugfixes
* Fixed missing varchar/text_pattern_ops index on CharField and
TextField respectively when using AddField on PostgreSQL (#26889).
* Fixed makemessages crash on Python 2 with non-ASCII file names
(#26897).
- Update to 1.9.7
Bugfixes
* Removed the need for the request context processor on the admin
login page to fix a regression in 1.9 (#26558).
* Fixed translation of password validators? help_text in forms
(#26544).
* Fixed a regression causing the cached template loader to crash
when using lazy template names (#26603).
* Fixed on_commit callbacks execution order when callbacks make
transactions (#26627).
* Fixed HStoreField to raise a ValidationError instead of crashing
on non-dictionary JSON input (#26672).
* Fixed dbshell crash on PostgreSQL with an empty database name
(#26698).
* Fixed a regression in queries on a OneToOneField that has to_field
and primary_key=True (#26667).
* Tue May 03 2016 aplanas@suse.com
- Update to 1.9.6
Bugfixes
* Added support for relative path redirects to the test client and
to SimpleTestCase.assertRedirects() because Django 1.9 no longer
converts redirects to absolute URIs (#26428).
* Fixed TimeField microseconds round-tripping on MySQL and SQLite
(#26498).
* Prevented makemigrations from generating infinite migrations for a
model field that references a functools.partial (#26475).
* Fixed a regression where SessionBase.pop() returned None rather
than raising a KeyError for nonexistent values (#26520).
* Fixed a regression causing the cached template loader to crash
when using template names starting with a dash (#26536).
* Restored conversion of an empty string to null when saving values
of GenericIPAddressField on SQLite and MySQL (#26557).
* Fixed a makemessages regression where temporary .py extensions
were leaked in source file paths (#26341).
* Sun May 01 2016 michael@stroeder.com
- Update to 1.9.5
* Tue Feb 02 2016 aplanas@suse.com
- Update to 1.9.2
Security issue
* User with "change" but not "add" permission can create objects for
ModelAdmin's with save_as=True
Backwards incompatible change
* .py-tpl files rewritten in project/app templates
Bugfixes
* Fixed a regression in ConditionalGetMiddleware causing
If-None-Match checks to always return HTTP 200 (#26024).
* Fixed a regression that caused the "user-tools" items to display
on the admin's logout page (#26035).
* Fixed a crash in the translations system when the current language
has no translations (#26046).
* Fixed a regression that caused the incorrect day to be selected
when opening the admin calendar widget for timezones from GMT+0100
to GMT+1200 (#24980).
* Fixed a regression in the admin's edit related model popup that
caused an escaped value to be displayed in the select dropdown of
the parent window (#25997).
* Fixed a regression in 1.8.8 causing incorrect index handling in
migrations on PostgreSQL when adding db_index=True or unique=True
to a CharField or TextField that already had the other specified,
or when removing one of them from a field that had both, or when
adding unique=True to a field already listed in unique_together
(#26034).
* Fixed a regression where defining a relation on an abstract
model's field using a string model name without an app_label no
longer resolved that reference to the abstract model's app if
using that model in another application (#25858).
* Fixed a crash when destroying an existing test database on MySQL
or PostgreSQL (#26096).
* Fixed CSRF cookie check on POST requests when
USE_X_FORWARDED_PORT=True (#26094).
* Fixed a QuerySet.order_by() crash when ordering by a relational
field of a ManyToManyField through model (#26092).
* Fixed a regression that caused an exception when making database
queries on SQLite with more than 2000 parameters when DEBUG is
True on distributions that increase the SQLITE_MAX_VARIABLE_NUMBER
compile-time limit to over 2000, such as Debian (#26063).
* Fixed a crash when using a reverse OneToOneField in
ModelAdmin.readonly_fields (#26060).
* Fixed a crash when calling the migrate command in a test case with
the available_apps attribute pointing to an application with
migrations disabled using the MIGRATION_MODULES setting (#26135).
* Restored the ability for testing and debugging tools to determine
the template from which a node came from, even during template
inheritance or inclusion. Prior to Django 1.9, debugging tools
could access the template origin from the node via
Node.token.source[0]. This was an undocumented, private API. The
origin is now available directly on each node using the
Node.origin attribute (#25848).
* Fixed a regression in Django 1.8.5 that broke copying a
SimpleLazyObject with copy.copy() (#26122).
* Always included geometry_field in the GeoJSON serializer output
regardless of the fields parameter (#26138).
* Fixed the contrib.gis map widgets when using
USE_THOUSAND_SEPARATOR=True (#20415).
* Made invalid forms display the initial of values of their disabled
fields (#26129).
* Wed Jan 27 2016 aplanas@suse.com
- Update to 1.9.1
Bugfixes
* Fixed BaseCache.get_or_set() with the DummyCache backend (#25840).
* Fixed a regression in FormMixin causing forms to be validated
twice (#25548, #26018).
* Fixed a system check crash with nested ArrayFields (#25867).
* Fixed a state bug when migrating a SeparateDatabaseAndState
operation backwards (#25896).
* Fixed a regression in CommonMiddleware causing If-None-Match
checks to always return HTTP 200 (#25900).
* Fixed missing varchar/text_pattern_ops index on CharField and
TextField respectively when using AlterField on PostgreSQL
(#25412).
* Fixed admin’s delete confirmation page’s summary counts of related
objects (#25883).
* Added from __future__ import unicode_literals to the default
apps.py created by startapp on Python 2 (#25909). Add this line to
your own apps.py files created using Django 1.9 if you want your
migrations to work on both Python 2 and Python 3.
* Prevented QuerySet.delete() from crashing on MySQL when querying
across relations.
* Fixed evaluation of zero-length slices of QuerySet.values()
(#25894).
* ...
* https://docs.djangoproject.com/en/1.9/releases/1.9.1/
* Wed Dec 02 2015 aplanas@suse.com
- update to 1.9
* https://docs.djangoproject.com/en/1.9/releases/1.9/
* Performing actions after a transaction commit
* Password validation
* Permission mixins for class-based views
* New styling for "contrib.admin"
* Running tests in parallel
* Tue Nov 10 2015 tbechtold@suse.com
- update to 1.8.6:
* https://docs.djangoproject.com/en/1.8/releases/1.8.5/
* https://docs.djangoproject.com/en/1.8/releases/1.8.6/
* Tue Nov 10 2015 tbechtold@suse.com
- add missing Requires for python-setuptools (bsc#952198)
/usr/bin/django-admin needs the pkg_resources framework from
python-setuptools to run properly.
* Sun Sep 20 2015 tbechtold@suse.com
- update to 1.8.4 (CVE-2015-5963):
* https://docs.djangoproject.com/en/1.8/releases/1.8.4/
* Fri Jul 10 2015 astieger@suse.com
- add keyring and verify source signature
* Fri Jul 10 2015 dmueller@suse.com
- update to 1.8.3:
* https://docs.djangoproject.com/en/1.8/releases/1.8.3/
Various bugfixes/security fixes (CVE-2015-5145, bsc#937524)
* Tue May 26 2015 dmueller@suse.com
- update to 1.8.2 (CVE-2015-3982):
* https://docs.djangoproject.com/en/1.8/releases/1.8.2/
* https://docs.djangoproject.com/en/1.8/releases/1.8.1/
* Thu Apr 02 2015 aplanas@suse.com
- Update to Django 1.8
* "Long-Term Support" (LTS) release
New features:
* Model._meta API
* Multiple template engines
* Security enhancements
* New PostgreSQL specific functionality
* New data types
* Query Expressions, Conditional Expressions, and Database Functions
* TestCase data setup
Backwards incompatible changes:
* Related object operations are run in a transaction
* Assigning unsaved objects to relations raises an error
* Management commands that only accept positional arguments
* Custom test management command arguments through test runner
* Model check ensures auto-generated column names are within limits
specified by database
* Query relation lookups now check object types
* select_related() now checks given fields
* Default EmailField.max_length increased to 254
* (DROP) Support for PostgreSQL versions older than 9.0
* (DROP) Support for MySQL versions older than 5.5
* (DROP) Support for Oracle versions older than 11.1
* Specific privileges used instead of roles for tests on Oracle
* ...
* Mon Mar 23 2015 mcihar@suse.cz
- Update to Django 1.7.7:
Security issues:
* Denial-of-service possibility with strip_tags()
* Mitigated possible XSS attack via user-supplied redirect URLs
Bugfixes:
* Fixed renaming of classes in migrations where renaming a subclass would
cause incorrect state to be recorded for objects that referenced the
superclass (#24354).
* Stopped writing migration files in dry run mode when merging migration
conflicts. When makemigrations --merge is called with verbosity=3 the
migration file is written to stdout (:ticket: 24427).
* Wed Mar 11 2015 aplanas@suse.com
- Update to Djano 1.7.6:
Bugfixes
* Mitigated an XSS attack via properties in
"ModelAdmin.readonly_fields"
* Fixed crash when coercing "ManyRelatedManager" to a string
(#24352).
* Fixed a bug that prevented migrations from adding a foreign key
constraint when converting an existing field to a foreign key
(#24447).
* Fri Feb 27 2015 aplanas@suse.com
- Update to Django 1.7.5:
Bugfixes
* Reverted a fix that prevented a migration crash when unapplying
contrib.contenttypes's or contrib.auth's first migration (#24075)
due to severe impact on the test performance (#24251) and problems
in multi-database setups (#24298).
* Fixed a regression that prevented custom fields inheriting from
ManyToManyField from being recognized in migrations (#24236).
* Fixed crash in contrib.sites migrations when a default database
isn't used (#24332).
* Added the ability to set the isolation level on PostgreSQL with
psycopg2 >= 2.4.2 (#24318). It was advertised as a new feature in
Django 1.6 but it didn't work in practice.
* Formats for the Azerbaijani locale (az) have been added.
* Fri Jan 30 2015 aplanas@suse.com
- Update to Django 1.7.4:
Bugfixes
* Fixed a migration crash when unapplying ``contrib.contenttypes``?s
or ``contrib.auth``?s first migration (:ticket:`24075`).
* Made the migration's ``RenameModel`` operation rename
``ManyToManyField`` tables (:ticket:`24135`).
* Fixed a migration crash on MySQL when migrating from a
``OneToOneField`` to a ``ForeignKey`` (:ticket:`24163`).
* Prevented the ``static.serve`` view from producing
``ResourceWarning``\s in certain circumstances (security fix
regression, :ticket:`24193`).
* Fixed schema check for ManyToManyField to look for internal type
instead of checking class instance, so you can write custom
m2m-like fields with the same behavior. (:ticket:`24104`).
* Wed Jan 14 2015 mcihar@suse.cz
- Update to Django 1.7.3:
Security fixes:
* WSGI header spoofing via underscore/dash conflation.
* Mitigated possible XSS attack via user-supplied redirect URLs.
* Denial-of-service attack against django.views.static.serve.
* Database denial-of-service with ModelMultipleChoiceField.
Bug fixes:
* The default iteration count for the PBKDF2 password hasher has been
increased by 25%. This part of the normal major release process was
inadvertently omitted in 1.7. This backwards compatible change will not
affect users who have subclassed
django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default
value.
* Fixed a crash in the CSRF middleware when handling non-ASCII referer
header (#23815).
* Fixed a crash in the django.contrib.auth.redirect_to_login view when
passing a reverse_lazy() result on Python 3 (#24097).
* Added correct formats for Greek (el) (#23967).
* Fixed a migration crash when unapplying a migration where multiple
operations interact with the same model (#24110).
* Sun Jan 11 2015 p.drouand@gmail.com
- South has been merged in main Django; provide and obsolete it