From Django 1.11.16.

* Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7.

* Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion since Django 1.11.14 (#29959).

* CVE-2019-3498: Content spoofing possibility in the default 404 page

  An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view. The URL path is no longer displayed in the default 404 template and the request_path context variable is now quoted to fix the issue for custom templates that use the path.

* CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

  If django.utils.numberformat.format() – used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation.

* Corrected packaging error from 1.11.19 (#30175).

https://docs.djangoproject.com/en/2.1/releases/1.11.17/
https://docs.djangoproject.com/en/2.1/releases/1.11.18/
https://docs.djangoproject.com/en/2.1/releases/1.11.19/
https://docs.djangoproject.com/en/2.1/releases/1.11.20/

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
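An added illustration of the CVE-2019-6975 note in the commit message above, not Django's code and not part of this commit: a Python sketch of a guard that falls back to scientific notation past the 200-digit cutoff. The names `safe_format` and `expanded_digits`, and counting digits as coefficient length plus absolute exponent, are assumptions of this example.

```python
from decimal import Decimal

MAX_DIGITS = 200  # cutoff quoted in the release note


def expanded_digits(number):
    """Digits '{:f}' would have to write out (assumed measure: coefficient + |exponent|)."""
    _, digits, exponent = number.as_tuple()
    if not isinstance(exponent, int):  # NaN / Infinity carry no numeric exponent
        return 0
    return len(digits) + abs(exponent)


def safe_format(number, max_digits=MAX_DIGITS):
    """Format a Decimal, switching to scientific notation past the cutoff."""
    if not number.is_finite():
        return str(number)
    if expanded_digits(number) > max_digits:
        # '{:e}' output is bounded by the coefficient length, not the exponent.
        return '{:e}'.format(number)
    # Small enough that fixed-point expansion is cheap.
    return '{:f}'.format(number)


if __name__ == '__main__':
    # Constructed inputs: an ordinary value, the boundary, and oversized exponents.
    for text in ('1234.5678', '9e199', '9e200', '9e9999', '9e-999'):
        value = Decimal(text)
        out = safe_format(value)
        print('{:>10}  digits={:<6} output_len={:<4} {}'.format(
            text, expanded_digits(value), len(out), out[:24]))
```

A seven-character input such as `9e9999` would expand to 10,000 characters under `'{:f}'`; the guard keeps the output at seven.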
3 lines
28 B
Plaintext
Django==1.11.20
-r base.txt
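Review bot: the pin `Django==1.11.20` carries no `--hash`, so pip will install whatever artifact the index serves under that version number. Since the commit message notes that 1.11.20 exists to correct a packaging error in 1.11.19, consider recording the expected artifact hashes for this release. pip's hash-checking mode applies to every requirement in the install, so the entries pulled in through `-r base.txt` would need hashes as well.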