Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update django to 2.1.5 #86

Merged
merged 1 commit into from
Jan 4, 2019
Merged

Update django to 2.1.5 #86

merged 1 commit into from
Jan 4, 2019

Conversation

pyup-bot
Copy link
Contributor

@pyup-bot pyup-bot commented Jan 4, 2019

This PR updates django from 2.1.4 to 2.1.5.

Changelog

2.1.5

==========================

*January 4, 2019*

Django 2.1.5 fixes a security issue and several bugs in 2.1.4.

CVE-2019-3498: Content spoofing possibility in the default 404 page
-------------------------------------------------------------------

An attacker could craft a malicious URL that could make spoofed content appear
on the default page generated by the ``django.views.defaults.page_not_found()``
view.

The URL path is no longer displayed in the default 404 template and the
``request_path`` context variable is now quoted to fix the issue for custom
templates that use the path.

Bugfixes
========

* Fixed compatibility with mysqlclient 1.3.14 (:ticket:`30013`).

* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and
rebuild your SQLite database if you applied a migration while using an older
version of Django with SQLite 3.26 or later (:ticket:`29182`).

* Prevented SQLite schema alterations while foreign key checks are enabled to
avoid the possibility of schema corruption (:ticket:`30023`).

* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
where request body data isn't properly consumed for such connections
(:ticket:`30015`).

* Fixed a regression in Django 2.1.4 where
``InlineModelAdmin.has_change_permission()`` is incorrectly called with a
non-``None`` ``obj`` argument during an object add (:ticket:`30050`).


==========================
Links

@pyup-bot pyup-bot requested a review from djbrown as a code owner January 4, 2019 16:40
@codecov-io
Copy link

codecov-io commented Jan 4, 2019
edited

Codecov Report

Merging #86 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #86   +/-   ##
=======================================
  Coverage   36.41%   36.41%           
=======================================
  Files          32       32           
  Lines         552      552           
  Branches       24       24           
=======================================
  Hits          201      201           
  Misses        350      350           
  Partials        1        1

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0f26f8d...050d3b6. Read the comment docs.

@coveralls
Copy link

Pull Request Test Coverage Report for Build 340

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 33.833%
Totals Coverage Status
Change from base Build 331: 0.0%
Covered Lines: 202
Relevant Lines: 552
💛 - Coveralls

@djbrown djbrown merged commit 1df7844 into master Jan 4, 2019
@djbrown djbrown deleted the pyup-update-django-2.1.4-to-2.1.5 branch January 10, 2019 23:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djbrown djbrown Awaiting requested review from djbrown djbrown is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@pyup-bot @codecov-io @coveralls @djbrown