---
- branch: MAIN
  date: Wed Jun  3 15:28:38 UTC 2020
  files:
  - new: '1.28'
    old: '1.27'
    path: pkgsrc/www/py-django2/Makefile
    pathrev: pkgsrc/www/py-django2/Makefile@1.28
    type: modified
  - new: '1.26'
    old: '1.25'
    path: pkgsrc/www/py-django2/distinfo
    pathrev: pkgsrc/www/py-django2/distinfo@1.26
    type: modified
  id: 20200603T152838Z.686833abdc6cea1ecb5018a3d4ce3d1c2243df97
  log: |
    py-django2: updated to 2.2.13

    Django 2.2.13 fixes two security issues and a regression in 2.2.12.

    CVE-2020-13254: Potential data leakage via malformed memcached keys

    In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.

    CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

    Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded.

    Bugfixes

    Fixed a regression in Django 2.2.12 that affected translation loading for apps providing translations for territorial language variants as well as a generic language, where the project has different plural equations for the language.
    Tracking a jQuery security release, upgraded the version of jQuery used by the admin from 3.3.1 to 3.5.1.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/py-django2'
  unixtime: '1591198118'
  user: adam