Ubuntu
python-django package

python-django 3:3.2.19-1 source package in Ubuntu

Changelog

python-django (3:3.2.19-1) unstable; urgency=medium

  * New upstream security release.
  * CVE-2023-31047: Prevent a potential bypass of validation when uploading
    multiple files using one form field.

    Uploading multiple files using one form field has never been supported by
    forms.FileField or forms.ImageField as only the last uploaded file was
    validated. Unfortunately, Uploading multiple files topic suggested
    otherwise. In order to avoid the vulnerability, the ClearableFileInput and
    FileInput form widgets now raise ValueError when the multiple HTML
    attribute is set on them. To prevent the exception and keep the old
    behavior, set the allow_multiple_selected attribute to True.

    For more details on using the new attribute and handling of multiple files
    through a single field, see:

      <https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files>

    (Closes: #1035467)

  * Bump Standards-Version to 4.6.2.

 -- Chris Lamb <email address hidden>  Wed, 03 May 2023 09:32:59 -0700

Upload details

Uploaded by:
Debian Python Team
Uploaded to:
Sid
Original maintainer:
Debian Python Team
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Mantic: [FAILEDTOBUILD] amd64

Downloads

File Size SHA-256 Checksum
python-django_3.2.19-1.dsc 2.7 KiB 3b00f2009508a960f1eccae8762667b6c4b4097673bb9d50c8f007bb4e36d8a5
python-django_3.2.19.orig.tar.gz 9.4 MiB 031365bae96814da19c10706218c44dff3b654cc4de20a98bd2d29b9bde469f0
python-django_3.2.19-1.debian.tar.xz 37.1 KiB 924c91276b40c03aa3dacd397966849000599121d8e4d8398b6078eab1153698

No changes file available.

Binary packages built by this source