Changelog
### 2.1.8
```
==========================
*April 1, 2019*
Django 2.1.8 fixes a bug in 2.1.7.
Bugfixes
========
* Prevented admin inlines for a ``ManyToManyField``\'s implicit through model
from being editable if the user only has the view permission
(:ticket:`30289`).
==========================
```
### 2.1.7
```
==========================
*February 11, 2019*
Django 2.1.7 fixes a packaging error in 2.1.6.
Bugfixes
========
* Corrected packaging error from 2.1.6 (:ticket:`30175`).
==========================
```
### 2.1.5
```
==========================
*January 4, 2019*
Django 2.1.5 fixes a security issue and several bugs in 2.1.4.
CVE-2019-3498: Content spoofing possibility in the default 404 page
-------------------------------------------------------------------
An attacker could craft a malicious URL that could make spoofed content appear
on the default page generated by the ``django.views.defaults.page_not_found()``
view.
The URL path is no longer displayed in the default 404 template and the
``request_path`` context variable is now quoted to fix the issue for custom
templates that use the path.
Bugfixes
========
* Fixed compatibility with mysqlclient 1.3.14 (:ticket:`30013`).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and
rebuild your SQLite database if you applied a migration while using an older
version of Django with SQLite 3.26 or later (:ticket:`29182`).
* Prevented SQLite schema alterations while foreign key checks are enabled to
avoid the possibility of schema corruption (:ticket:`30023`).
* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
where request body data isn't properly consumed for such connections
(:ticket:`30015`).
* Fixed a regression in Django 2.1.4 where
``InlineModelAdmin.has_change_permission()`` is incorrectly called with a
non-``None`` ``obj`` argument during an object add (:ticket:`30050`).
==========================
```
### 2.1.4
```
==========================
*December 3, 2018*
Django 2.1.4 fixes several bugs in 2.1.3.
Bugfixes
========
* Corrected the default password list that ``CommonPasswordValidator`` uses by
lowercasing all passwords to match the format expected by the validator
(:ticket:`29952`).
* Prevented repetitive calls to ``geos_version_tuple()`` in the ``WKBWriter``
class in an attempt to fix a random crash involving ``LooseVersion``
(:ticket:`29959`).
* Fixed keep-alive support in ``runserver`` after it was disabled to fix
another issue in Django 2.0 (:ticket:`29849`).
* Fixed admin view-only change form crash when using
``ModelAdmin.prepopulated_fields`` (:ticket:`29929`).
* Fixed "Please correct the errors below" error message when editing an object
in the admin if the user only has the "view" permission on inlines
(:ticket:`29930`).
==========================
```
Links
- PyPI: https://pypi.org/project/django
- Changelog: https://pyup.io/changelogs/django/
- Homepage: https://www.djangoproject.com/
This PR updates Django from 2.1.3 to 2.1.8.
Changelog
### 2.1.8 ``` ========================== *April 1, 2019* Django 2.1.8 fixes a bug in 2.1.7. Bugfixes ======== * Prevented admin inlines for a ``ManyToManyField``\'s implicit through model from being editable if the user only has the view permission (:ticket:`30289`). ========================== ``` ### 2.1.7 ``` ========================== *February 11, 2019* Django 2.1.7 fixes a packaging error in 2.1.6. Bugfixes ======== * Corrected packaging error from 2.1.6 (:ticket:`30175`). ========================== ``` ### 2.1.5 ``` ========================== *January 4, 2019* Django 2.1.5 fixes a security issue and several bugs in 2.1.4. CVE-2019-3498: Content spoofing possibility in the default 404 page ------------------------------------------------------------------- An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the ``django.views.defaults.page_not_found()`` view. The URL path is no longer displayed in the default 404 template and the ``request_path`` context variable is now quoted to fix the issue for custom templates that use the path. Bugfixes ======== * Fixed compatibility with mysqlclient 1.3.14 (:ticket:`30013`). * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later (:ticket:`29182`). * Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption (:ticket:`30023`). * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn't properly consumed for such connections (:ticket:`30015`). * Fixed a regression in Django 2.1.4 where ``InlineModelAdmin.has_change_permission()`` is incorrectly called with a non-``None`` ``obj`` argument during an object add (:ticket:`30050`). ========================== ``` ### 2.1.4 ``` ========================== *December 3, 2018* Django 2.1.4 fixes several bugs in 2.1.3. Bugfixes ======== * Corrected the default password list that ``CommonPasswordValidator`` uses by lowercasing all passwords to match the format expected by the validator (:ticket:`29952`). * Prevented repetitive calls to ``geos_version_tuple()`` in the ``WKBWriter`` class in an attempt to fix a random crash involving ``LooseVersion`` (:ticket:`29959`). * Fixed keep-alive support in ``runserver`` after it was disabled to fix another issue in Django 2.0 (:ticket:`29849`). * Fixed admin view-only change form crash when using ``ModelAdmin.prepopulated_fields`` (:ticket:`29929`). * Fixed "Please correct the errors below" error message when editing an object in the admin if the user only has the "view" permission on inlines (:ticket:`29930`). ========================== ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/