search

mozilla / missioncontrol

Real-time monitoring of Firefox release health
Mozilla Public License 2.0
21 stars 18 forks source link

Update django to 1.11.5 #133

Closed pyup-bot closed 7 years ago

pyup-bot commented 7 years ago

There's a new version of Django available. You are currently using 1.11.4. I have updated it to 1.11.5

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG = True (which makes this page accessible) in your production settings.

Bugfixes

  • Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2) (:ticket:28441).

  • Added compatibility for cx_Oracle 6 (:ticket:28498).

  • Fixed select widget rendering when option values are tuples (:ticket:28502).

  • Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in :ticket:28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.

  • Added POST request support to LogoutView, for equivalence with the function-based logout() view (:ticket:28513).

  • Omitted pages_per_range from BrinIndex.deconstruct() if it's None (:ticket:25809).

  • Fixed a regression where SelectDateWidget localized the years in the select box (:ticket:28530).

  • Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows (:ticket:28487).

  • Fixed a regression in Django 1.10 where changes to a ManyToManyField weren't logged in the admin change history (:ticket:27998) and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes (:ticket:28543).

  • Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins (:ticket:26522).

  • Fixed a regression in contrib.auth's login() and logout() views where they ignored positional arguments (:ticket:28550).

===========================

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

codecov-io commented 7 years ago

Codecov Report

Merging #133 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #133   +/-   ##
=======================================
  Coverage   62.53%   62.53%           
=======================================
  Files          15       15           
  Lines         355      355           
  Branches       51       51           
=======================================
  Hits          222      222           
  Misses        121      121           
  Partials       12       12

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 9fd280d...548a81a. Read the comment docs.