diff options
author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2021-07-16 13:02:57 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-07-17 06:52:51 -0700 |
commit | 98e00710b7c1cf20092b8ff8fa7c01f153ff95ab (patch) | |
tree | 6d8808fe65cff75a1b1b28b753f5918eed49a1d9 | |
parent | 6a7ba8f7f210e04183fb64ab181520d817a34a11 (diff) | |
download | meta-openembedded-98e00710b7c1cf20092b8ff8fa7c01f153ff95ab.tar.gz |
python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)
3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.
Additional release notes:
- Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
- Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+
when altering BinaryField, JSONField, or TextField to non-nullable
(#32503).
- Fixed a regression in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a
default value (#32832).
- Fixed a bug in Django 3.2 where a system check would crash on a model
with an invalid app_label (#32863).
There is no corresponding uprev for the 2.x LTS branch since it is
already at the latest version (2.2.24).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit fe50bd100548500842667210df9757d84ec11b16)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-python/recipes-devtools/python/python3-django_3.2.5.bb (renamed from meta-python/recipes-devtools/python/python3-django_3.2.4.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb index 52504885e5..5890c85419 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296" +SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd" RDEPENDS_${PN} += "\ ${PYTHON_PN}-sqlparse \ |