---
- branch: MAIN
  date: Mon Mar  1 12:43:26 UTC 2021
  files:
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/www/py-django3/Makefile
    pathrev: pkgsrc/www/py-django3/Makefile@1.13
    type: modified
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/www/py-django3/distinfo
    pathrev: pkgsrc/www/py-django3/distinfo@1.13
    type: modified
  id: 20210301T124326Z.2fdfeeeec5be67a77918ee5c5acbb0e0fd623c8e
  log: |
    py-django3: updated to 3.1.7

    Django 3.1.7 fixes a security issue and a bug in 3.1.6.

    CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()

    Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. Django now includes this fix. See bpo-42967 for further details.

    Bugfixes

    Fixed a regression in Django 3.1 that caused RuntimeError instead of connection errors when using only the 'postgres' database
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/py-django3'
  unixtime: '1614602606'
  user: adam