首页 发现 帮助
登录
CityApper
/
django
镜像自地址 https://github.com/django/django
2
0
派生 0
文件 工单管理 0 Wiki
目录树: f6acd1d271
分支列表 标签列表
django
/
docs
/
releases
/
1.8.7.txt

1.8.7.txt 2.6 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. ==========================
    2. 

  2. Django 1.8.7 release notes
    3. 

  3. ==========================
    4. 

  4. 

  5. *November 24, 2015*
    6. 

  6. 

  7. Django 1.8.7 fixes a security issue and several bugs in 1.8.6.
    8. 

  8. 

  9. Additionally, Django's vendored version of six, ``django.utils.six``, has
    10. 

  10. been upgraded to the latest release (1.10.0).
    11. 

  11. 

  12. Fixed settings leak possibility in ``date`` template filter
    13. 

  13. ===========================================================
    14. 

  14. 

  15. If an application allows users to specify an unvalidated format for dates and
    16. 

  16. passes this format to the :tfilter:`date` filter, e.g.
    17. 

  17. ``{{ last_updated|date:user_date_format }}``, then a malicious user could
    18. 

  18. obtain any secret in the application's settings by specifying a settings key
    19. 

  19. instead of a date format. e.g. ``"SECRET_KEY"`` instead of ``"j/m/Y"``.
    20. 

  20. 

  21. To remedy this, the underlying function used by the ``date`` template filter,
    22. 

  22. ``django.utils.formats.get_format()``, now only allows accessing the date/time
    23. 

  23. formatting settings.
    24. 

  24. 

  25. Bugfixes
    26. 

  26. ========
    27. 

  27. 

  28. * Fixed a crash of the debug view during the autumn DST change when
    29. 

  29.   :setting:`USE_TZ` is ``False`` and ``pytz`` is installed.
    30. 

  30. 

  31. * Fixed a regression in 1.8.6 that caused database routers without an
    32. 

  32.   ``allow_migrate()`` method to crash (:ticket:`25686`).
    33. 

  33. 

  34. * Fixed a regression in 1.8.6 by restoring the ability to use ``Manager``
    35. 

  35.   objects for the ``queryset`` argument of ``ModelChoiceField``
    36. 

  36.   (:ticket:`25683`).
    37. 

  37. 

  38. * Fixed a regression in 1.8.6 that caused an application with South migrations
    39. 

  39.   in the ``migrations`` directory to fail (:ticket:`25618`).
    40. 

  40. 

  41. * Fixed a data loss possibility with :class:`~django.db.models.Prefetch` if
    42. 

  42.   ``to_attr`` is set to a ``ManyToManyField`` (:ticket:`25693`).
    43. 

  43. 

  44. * Fixed a regression in 1.8 by making ``gettext()`` once again return UTF-8
    45. 

  45.   bytestrings on Python 2 if the input is a bytestring (:ticket:`25720`).
    46. 

  46. 

  47. * Fixed serialization of
    48. 

  48.   :class:`~django.contrib.postgres.fields.DateRangeField` and
    49. 

  49.   :class:`~django.contrib.postgres.fields.DateTimeRangeField` (:ticket:`24937`).
    50. 

  50. 

  51. * Fixed the exact lookup of ``ArrayField`` (:ticket:`25666`).
    52. 

  52. 

  53. * Fixed ``Model.refresh_from_db()`` updating of ``ForeignKey`` fields with
    54. 

  54.   ``on_delete=models.SET_NULL`` (:ticket:`25715`).
    55. 

  55. 

  56. * Fixed a duplicate query regression in 1.8 on proxied model deletion
    57. 

  57.   (:ticket:`25685`).
    58. 

  58. 

  59. * Fixed ``set_FOO_order()`` crash when the ``ForeignKey`` of a model with
    60. 

  60.   ``order_with_respect_to`` references a model with a ``OneToOneField``
    61. 

  61.   primary key (:ticket:`25786`).
    62. 

  62. 

  63. * Fixed incorrect validation for ``PositiveIntegerField`` and
    64. 

  64.   ``PositiveSmallIntegerField`` on MySQL resulting in values greater than
    65. 

  65.   4294967295 or 65535, respectively, passing validation and being silently
    66. 

  66.   truncated by the database (:ticket:`25767`).
    67.