36d78abceb
Fixes the following security issues: - CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends. - CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded. For details, see the announcement: https://docs.djangoproject.com/en/dev/releases/3.0.7/ Additionally, 3.0.5..3.0.7 contains a number of non-security related bugfixes. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
16 lines
593 B
Makefile
16 lines
593 B
Makefile
################################################################################
|
|
#
|
|
# python-django
|
|
#
|
|
################################################################################
|
|
|
|
PYTHON_DJANGO_VERSION = 3.0.7
|
|
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
|
|
# The official Django site has an unpractical URL
|
|
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/74/ad/8a1bc5e0f8b740792c99c7bef5ecc043018e2b605a2fe1e2513fde586b72
|
|
PYTHON_DJANGO_LICENSE = BSD-3-Clause
|
|
PYTHON_DJANGO_LICENSE_FILES = LICENSE
|
|
PYTHON_DJANGO_SETUP_TYPE = setuptools
|
|
|
|
$(eval $(python-package))
|