Django 1.9.5 版本发行说明
April 1, 2016
Django 1.9.5 fixes several bugs in 1.9.4.
漏洞修复
- Made
MultiPartParser
ignore filenames that normalize to an empty string to fix crash inMemoryFileUploadHandler
on specially crafted user input (#26325). - Fixed a race condition in
BaseCache.get_or_set()
(#26332). It now returns thedefault
value instead ofFalse
if there’s an error when trying to add the value to the cache. - Fixed data loss on SQLite where
DurationField
values with fractional seconds could be saved asNone
(#26324). - The forms in
contrib.auth
no longer strip trailing and leading whitespace from the password fields (#26334). The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django. - Fixed a memory leak in the cached template loader (#26306).
- Fixed a regression that caused
collectstatic --clear
to fail if the storage doesn’t implementpath()
(#26297). - Fixed a crash when using a reverse lookup with a subquery when a
ForeignKey
has ato_field
set to something other than the primary key (#26373). - Fixed a regression in
CommonMiddleware
that caused spurious warnings in logs on requests missing a trailing slash (#26293). - Restored the functionality of the admin’s
raw_id_fields
inlist_editable
(#26387). - Fixed a regression with abstract model inheritance and explicit parent links (#26413).
- Fixed a migrations crash on SQLite when renaming the primary key of a model containing a
ForeignKey
to'self'
(#26384). - Fixed
JSONField
inadvertently escaping its contents when displaying values after failed form validation (#25532).