mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-11-23 10:04:01 +03:00
dc11195917
This PR updates [django](https://pypi.org/project/django) from **2.0.7** to **2.0.8**. <details> <summary>Changelog</summary> ### 2.0.8 ``` ========================== *August 1, 2018* Django 2.0.8 fixes a security issue and several bugs in 2.0.7. CVE-2018-14574: Open redirect possibility in ``CommonMiddleware`` ================================================================= If the :class:`~django.middleware.common.CommonMiddleware` and the :setting:`APPEND_SLASH` setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. ``CommonMiddleware`` now escapes leading slashes to prevent redirects to other domains. Bugfixes ======== * Fixed a regression in Django 2.0.7 that broke the ``regex`` lookup on MariaDB (even though MariaDB isn't officially supported) (🎫`29544`). * Fixed a regression where ``django.template.Template`` crashed if the ``template_string`` argument is lazy (🎫`29617`). ========================== ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/ </details> |
||
|---|---|---|
| .. | ||
| base.txt | ||
| local.txt | ||
| production.txt | ||