---
- branch: MAIN
  date: Tue Aug  6 09:33:00 UTC 2019
  files:
  - new: '1.19'
    old: '1.18'
    path: pkgsrc/www/py-django2/Makefile
    pathrev: pkgsrc/www/py-django2/Makefile@1.19
    type: modified
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/www/py-django2/distinfo
    pathrev: pkgsrc/www/py-django2/distinfo@1.17
    type: modified
  id: 20190806T093300Z.883b6ec0064e4e9c66821536a5cd42d032d654ea
  log: |
    py-django2: updated to 2.2.4

    Django 2.2.4:
    * CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
    * CVE-2019-14233: Denial-of-service possibility in strip_tags()
    * CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
    * CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
    * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used
    * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type
    * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00')
    * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/py-django2'
  unixtime: '1565083980'
  user: adam