From b27e160d15d765c9928262f33e6b30bea835fdfc Mon Sep 17 00:00:00 2001
From: Roberto Rosario
Date: Tue, 2 Apr 2019 14:10:18 -0400
Subject: [PATCH] Update required Django version to 1.11.20
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From Django 1.11.16.

* Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility
  with Python 3.7.

* Prevented repetitive calls to geos_version_tuple() in the WKBWriter
  class in an attempt to fix a random crash involving LooseVersion
  since Django 1.11.14 (#29959).

* CVE-2019-3498: Content spoofing possibility in the default 404 page
  An attacker could craft a malicious URL that could make spoofed
  content appear on the default page generated by the
  django.views.defaults.page_not_found() view. The URL path is no
  longer displayed in the default 404 template and the request_path
  context variable is now quoted to fix the issue for custom templates
  that use the path.

* CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
  If django.utils.numberformat.format() – used by contrib.admin as well
  as the floatformat, filesizeformat, and intcomma template filters –
  received a Decimal with a large number of digits or a large exponent,
  it could lead to significant memory usage due to a call to
  '{:f}'.format(). To avoid this, decimals with more than 200 digits
  are now formatted using scientific notation.

* Corrected packaging error from 1.11.19 (#30175).

https://docs.djangoproject.com/en/2.1/releases/1.11.17/
https://docs.djangoproject.com/en/2.1/releases/1.11.18/
https://docs.djangoproject.com/en/2.1/releases/1.11.19/
https://docs.djangoproject.com/en/2.1/releases/1.11.20/

Signed-off-by: Roberto Rosario
---
 requirements/common.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/common.txt b/requirements/common.txt index 5f0e6689c3..570526c502 100644 --- a/requirements/common.txt +++ b/requirements/common.txt
@@ -1,2 +1,2 @@ -Django==1.11.16 +Django==1.11.20 -r base.txt
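
Review bot: On the `+Django==1.11.20` line, the pin is exact but carries no `--hash=sha256:...` entry, so pip will accept whatever artifact the index serves under that version number. Since this bump exists to pick up the CVE-2019-3498 and CVE-2019-6975 fixes, consider moving this file and the `base.txt` it includes to pip's hash-checking mode (`--require-hashes`) so that the release that was reviewed is the one that gets installed. Separately, the commit message says the CVE-2019-3498 fix reaches custom templates only through the now-quoted `request_path` variable; it would help to state in the message whether this project overrides the default 404 template and, if it does, how that template renders the variable.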