Django 5.0.2 release notes

February 6, 2024

Django 5.0.2 fixes one security issue with severity "moderate" and several bugs in 5.0.1. It also includes the latest string translations from Transifex.

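CVE-2024-24680: Potential denial-of-service in the intcomma template filter

The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.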
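For code that formats untrusted values, the defensive pattern is to bound the input length and do the digit grouping in a single linear pass. The following is an added example, not Django's implementation and not part of these release notes; `safe_intcomma` and `MAX_LEN` are hypothetical names, and the cap of 200 characters is an assumption to adjust per application.

```python
import re

# Assumed cap: longer inputs are not formatted at all, so the cost of one
# call is bounded no matter what a client submits.
MAX_LEN = 200

# Optional sign, leading run of ASCII digits, then the untouched remainder
# (fraction, unit suffix, ...). One greedy pass, no nested quantifiers.
_NUMERIC = re.compile(r"(-?)(\d+)(.*)", re.ASCII | re.DOTALL)


def safe_intcomma(value, max_len=MAX_LEN):
    """Insert commas every three digits in the leading integer part.

    Non-numeric or over-long input is returned unchanged as a string.
    """
    text = str(value)
    if len(text) > max_len:
        return text
    match = _NUMERIC.fullmatch(text)
    if match is None:
        return text
    sign, digits, rest = match.groups()
    # Size of the first group: 1-3 digits, so the rest splits evenly by 3.
    head = len(digits) % 3 or 3
    groups = [digits[:head]]
    groups += [digits[i:i + 3] for i in range(head, len(digits), 3)]
    return sign + ",".join(groups) + rest


if __name__ == "__main__":
    # Constructed sample inputs, including one over the cap.
    for sample in (1234567, "-1234.56", "123", "not a number", "9" * 100_000):
        out = safe_intcomma(sample)
        print(out if len(out) <= 40 else f"<{len(out)} chars, left unformatted>")
```

Upgrading to 5.0.2 is the fix; a length check like this one is still worth applying wherever request-controlled strings reach a formatting filter.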

Bugfixes

  • Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in ModelAdmin.list_filter (#35087).

  • Fixed an issue in Django 5.0 where links in the admin had an incorrect color (#35121).

  • Fixed a bug in Django 5.0 that caused a crash of Model.full_clean() on models with a GeneratedField (#35127).

  • Fixed a regression in Django 5.0 that caused a crash of FilteredRelation() with querysets as right-hand sides (#35135). FilteredRelation() now raises a ValueError on querysets as right-hand sides.

  • Fixed a regression in Django 5.0 that caused a crash of the dumpdata management command when a base queryset used prefetch_related() (#35159).

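  • Fixed a regression in Django 5.0 that caused the request_finished signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (#35059).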

  • Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a BinaryField, TextField, JSONField, or GeometryField with a db_default (#35162).

  • Fixed a bug in Django 5.0 that caused a migration crash on models with a literal db_default of a complex type such as dict instance of a JSONField. Running makemigrations might generate no-op AlterField operations for fields using db_default (#35149).