Skip to content

Update django to 1.11.5#43

Merged
patrick91 merged 1 commit intomasterfrom
pyup-update-django-1.11.4-to-1.11.5
Sep 5, 2017
Merged

Update django to 1.11.5#43
patrick91 merged 1 commit intomasterfrom
pyup-update-django-1.11.4-to-1.11.5

Conversation

@pyup-bot
Copy link
Copy Markdown
Contributor

@pyup-bot pyup-bot commented Sep 5, 2017

There's a new version of Django available.
You are currently using 1.11.4. I have updated it to 1.11.5

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.

Bugfixes

  • Fixed GEOS version parsing if the version has a commit hash at the end (new
    in GEOS 3.6.2) (:ticket:28441).
  • Added compatibility for cx_Oracle 6 (:ticket:28498).
  • Fixed select widget rendering when option values are tuples (:ticket:28502).
  • Django 1.11 inadvertently changed the sequence and trigger naming scheme on
    Oracle. This causes errors on INSERTs for some tables if
    'use_returning_into': False is in the OPTIONS part of DATABASES.
    The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
    requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
    upgrade script in 🎫28451 comment 8 to update sequence and trigger
    names to use the pre-1.11 naming scheme.
  • Added POST request support to LogoutView, for equivalence with the
    function-based logout() view (:ticket:28513).
  • Omitted pages_per_range from BrinIndex.deconstruct() if it's None
    (:ticket:25809).
  • Fixed a regression where SelectDateWidget localized the years in the
    select box (:ticket:28530).
  • Fixed a regression in 1.11.4 where runserver crashed with non-Unicode
    system encodings on Python 2 + Windows (:ticket:28487).
  • Fixed a regression in Django 1.10 where changes to a ManyToManyField
    weren't logged in the admin change history (:ticket:27998) and prevented
    ManyToManyField initial data in model forms from being affected by
    subsequent model changes (:ticket:28543).
  • Fixed non-deterministic results or an AssertionError crash in some
    queries with multiple joins (:ticket:26522).
  • Fixed a regression in contrib.auth's login() and logout() views
    where they ignored positional arguments (:ticket:28550).

===========================

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

@patrick91 patrick91 merged commit 5332426 into master Sep 5, 2017
@patrick91 patrick91 deleted the pyup-update-django-1.11.4-to-1.11.5 branch September 5, 2017 21:41
@marcoacierno marcoacierno mentioned this pull request Apr 25, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@patrick91 patrick91 patrick91 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pyup-bot @patrick91