diff --git a/Django-5.0.7.tar.gz b/Django-5.0.8.tar.gz similarity index 58% rename from Django-5.0.7.tar.gz rename to Django-5.0.8.tar.gz index 866e2ef71ba368079054348d3308afd6dae338f7..a3d93e88a7599eb459a0138402eef34ef68b2b2b 100644 Binary files a/Django-5.0.7.tar.gz and b/Django-5.0.8.tar.gz differ diff --git a/python-django.spec b/python-django.spec index fa7c66c1da8c1da4ee5271f5868c36a0239b3b87..8b7d8e643e9e7d3da3a3a3011a43e06cce7173a1 100644 --- a/python-django.spec +++ b/python-django.spec @@ -1,6 +1,6 @@ %global _empty_manifest_terminate_build 0 Name: python-django -Version: 5.0.7 +Version: 5.0.8 Release: 1 Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. License: Apache-2.0 and Python-2.0 and BSD-3-Clause @@ -72,6 +72,19 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Thu Aug 08 2024 yaoxin - 5.0.8-1 +- Update to 5.0.8 + * CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()`` + * CVE-2024-41990: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` + * CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and ``AdminURLFieldWidget`` + * CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()`` + * Added missing validation for ``UniqueConstraint(nulls_distinct=False)`` when using ``*expressions`` + * Fixed a regression in Django 5.0 where ``ModelAdmin.action_checkbox`` could break the admin changelist + HTML page when rendering a model instance with a ``__html__`` method + * Fixed a crash when creating a model with a ``Field.db_default`` and a ``Meta.constraints`` constraint composed + of ``__endswith``, ``__startswith``, or ``__contains`` lookups (:ticket:`35625`). + * Fixed a regression in Django 5.0.7 that caused a crash in ``LocaleMiddleware`` when processing a language code over 500 characters + * Fri Jul 12 2024 yaoxin - 5.0.7-1 - Update to 5.0.7 * CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()