Changelog
### 2.1.7
```
==========================
*February 11, 2019*
Django 2.1.7 fixes a packaging error in 2.1.6.
Bugfixes
========
* Corrected packaging error from 2.1.6 (:ticket:`30175`).
==========================
```
### 2.1.6
```
==========================
*February 11, 2019*
Django 2.1.6 fixes a security issue and a bug in 2.1.5.
CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
--------------------------------------------------------------------------
If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
filters -- received a ``Decimal`` with a large number of digits or a large
exponent, it could lead to significant memory usage due to a call to
``'{:f}'.format()``.
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
Bugfixes
========
* Made the ``obj`` argument of ``InlineModelAdmin.has_add_permission()``
optional to restore backwards compatibility with third-party code that
doesn't provide it (:ticket:`30097`).
==========================
```
Links
- PyPI: https://pypi.org/project/django
- Changelog: https://pyup.io/changelogs/django/
- Homepage: https://www.djangoproject.com/
This PR updates django from 2.1.5 to 2.1.7.
Changelog
### 2.1.7 ``` ========================== *February 11, 2019* Django 2.1.7 fixes a packaging error in 2.1.6. Bugfixes ======== * Corrected packaging error from 2.1.6 (:ticket:`30175`). ========================== ``` ### 2.1.6 ``` ========================== *February 11, 2019* Django 2.1.6 fixes a security issue and a bug in 2.1.5. CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()`` -------------------------------------------------------------------------- If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates filters -- received a ``Decimal`` with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ``'{:f}'.format()``. To avoid this, decimals with more than 200 digits are now formatted using scientific notation. Bugfixes ======== * Made the ``obj`` argument of ``InlineModelAdmin.has_add_permission()`` optional to restore backwards compatibility with third-party code that doesn't provide it (:ticket:`30097`). ========================== ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/