Changelog
### 1.11.20
```
============================
*February 11, 2019*
Django 1.11.20 fixes a packaging error in 1.11.19.
Bugfixes
========
* Corrected packaging error from 1.11.19 (:ticket:`30175`).
============================
```
### 1.11.19
```
============================
*February 11, 2019*
Django 1.11.19 fixes a security issue in 1.11.18.
CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
--------------------------------------------------------------------------
If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
filters -- received a ``Decimal`` with a large number of digits or a large
exponent, it could lead to significant memory usage due to a call to
``'{:f}'.format()``.
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
============================
```
Links
- PyPI: https://pypi.org/project/django
- Changelog: https://pyup.io/changelogs/django/
- Homepage: https://www.djangoproject.com/
This PR updates django from 1.11.18 to 1.11.20.
Changelog
### 1.11.20 ``` ============================ *February 11, 2019* Django 1.11.20 fixes a packaging error in 1.11.19. Bugfixes ======== * Corrected packaging error from 1.11.19 (:ticket:`30175`). ============================ ``` ### 1.11.19 ``` ============================ *February 11, 2019* Django 1.11.19 fixes a security issue in 1.11.18. CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()`` -------------------------------------------------------------------------- If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates filters -- received a ``Decimal`` with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ``'{:f}'.format()``. To avoid this, decimals with more than 200 digits are now formatted using scientific notation. ============================ ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/