Django security releases issued: 2.1.6, 2.0.11, and 1.11.19


Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Carlton Gibson-3
Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our security process. These releases address a security issue, and we encourage all users to upgrade as soon as possible:

https://www.djangoproject.com/weblog/2019/feb/11/security-releases/

--
You received this message because you are subscribed to the Google Groups "Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1EB1699A-228E-4151-9726-50042904A4CE%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Riccardo Magliocchetti
Hello Carlton,

On 11/02/19 12:02, Carlton Gibson wrote:
> Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our security process. These releases address a security issue, and we encourage all users to upgrade as soon as possible:
>
> https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
>

1.11.19 blew my tests on python 2.7, python3 works fine:
   File "/usr/local/lib/python2.7/site-packages/django/template/base.py", line 184, in __init__
     engine = Engine.get_default()
   File "/usr/local/lib/python2.7/site-packages/django/utils/lru_cache.py", line 124, in wrapper
     result = user_function(*args, **kwds)
   File "/usr/local/lib/python2.7/site-packages/django/template/engine.py", line 76, in get_default
     django_engines = [engine for engine in engines.all()
   File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line 89, in all
     return [self[alias] for alias in self]
   File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line 80, in __getitem__
     engine = engine_cls(params)
   File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 30, in __init__
     options['libraries'] = self.get_templatetag_libraries(libraries)
   File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 48, in get_templatetag_libraries
     libraries = get_installed_libraries()
   File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 113, in get_installed_libraries
     for name in get_package_libraries(pkg):
   File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 130, in get_package_libraries
     "trying to load '%s': %s" % (entry[1], e)
InvalidTemplateLibrary: Invalid template library specified. ImportError raised when trying to load 'django.contrib.admin.templatetags.base': cannot import name getfullargspec

1.11.18 works fine for the same test.

--
Riccardo Magliocchetti
@rmistaken

http://menodizero.it


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Carlton Gibson-3
Hi Riccardo. 

Please open a Trac ticket for this. (Current test suite passes, so it looks like we're missing coverage somewhere.) 
Thanks.

On Monday, 11 February 2019 12:26:04 UTC+1, riccardo.magliocchetti wrote:
> Hello Carlton,
>
> On 11/02/19 12:02, Carlton Gibson wrote:
>> Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our security process. These releases address a security issue, and we encourage all users to upgrade as soon as possible:
>>
>> https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
>>
>
> 1.11.19 blew my tests on python 2.7, python3 works fine:
>    File "/usr/local/lib/python2.7/site-packages/django/template/base.py", line 184, in __init__
>      engine = Engine.get_default()
>    File "/usr/local/lib/python2.7/site-packages/django/utils/lru_cache.py", line 124, in wrapper
>      result = user_function(*args, **kwds)
>    File "/usr/local/lib/python2.7/site-packages/django/template/engine.py", line 76, in get_default
>      django_engines = [engine for engine in engines.all()
>    File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line 89, in all
>      return [self[alias] for alias in self]
>    File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line 80, in __getitem__
>      engine = engine_cls(params)
>    File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 30, in __init__
>      options['libraries'] = self.get_templatetag_libraries(libraries)
>    File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 48, in get_templatetag_libraries
>      libraries = get_installed_libraries()
>    File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 113, in get_installed_libraries
>      for name in get_package_libraries(pkg):
>    File "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py", line 130, in get_package_libraries
>      "trying to load '%s': %s" % (entry[1], e)
> InvalidTemplateLibrary: Invalid template library specified. ImportError raised when trying to load 'django.contrib.admin.templatetags.base': cannot import name getfullargspec
>
> 1.11.18 works fine for the same test.
>
> --
> Riccardo Magliocchetti
> @rmistaken
>
> http://menodizero.it


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Raffaele Salmaso-2
In reply to this post by Riccardo Magliocchetti
On Mon, Feb 11, 2019 at 12:25 PM Riccardo Magliocchetti <[hidden email]> wrote:
> InvalidTemplateLibrary: Invalid template library specified. ImportError raised
> when trying to load 'django.contrib.admin.templatetags.base': cannot import name
> getfullargspec
>
> 1.11.18 works fine for the same test.

Hi Riccardo, please check if you use the correct django version, django.contrib.admin.templatetags.base is there from django 2.1


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Riccardo Magliocchetti
In reply to this post by Carlton Gibson-3
Hello Carlton,

filed here:
https://code.djangoproject.com/ticket/30175

On 11/02/19 12:58, Carlton Gibson wrote:

> Hi Riccardo.
>
> Please open a Trac ticket for this. (Current test suite passes, so it looks
> like we're missing coverage somewhere.)
> Thanks.
>
> On Monday, 11 February 2019 12:26:04 UTC+1, riccardo.magliocchetti wrote:
>>
>> Hello Carlton,
>>
>> On 11/02/19 12:02, Carlton Gibson wrote:
>>> Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our
>> security process. These releases address a security issue, and we encourage
>> all users to upgrade as soon as possible:
>>>
>>> https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
>>>
>>
>> 1.11.19 blew my tests on python 2.7, python3 works fine:
>>     File "/usr/local/lib/python2.7/site-packages/django/template/base.py",
>> line
>> 184, in __init__
>>       engine = Engine.get_default()
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/utils/lru_cache.py", line
>> 124, in wrapper
>>       result = user_function(*args, **kwds)
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/template/engine.py", line
>> 76, in get_default
>>       django_engines = [engine for engine in engines.all()
>>     File "/usr/local/lib/python2.7/site-packages/django/template/utils.py",
>> line
>> 89, in all
>>       return [self[alias] for alias in self]
>>     File "/usr/local/lib/python2.7/site-packages/django/template/utils.py",
>> line
>> 80, in __getitem__
>>       engine = engine_cls(params)
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
>>
>> line 30, in __init__
>>       options['libraries'] = self.get_templatetag_libraries(libraries)
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
>>
>> line 48, in get_templatetag_libraries
>>       libraries = get_installed_libraries()
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
>>
>> line 113, in get_installed_libraries
>>       for name in get_package_libraries(pkg):
>>     File
>> "/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
>>
>> line 130, in get_package_libraries
>>       "trying to load '%s': %s" % (entry[1], e)
>> InvalidTemplateLibrary: Invalid template library specified. ImportError
>> raised
>> when trying to load 'django.contrib.admin.templatetags.base': cannot
>> import name
>> getfullargspec
>>
>> 1.11.18 works fine for the same test.
>>
>> --
>> Riccardo Magliocchetti
>> @rmistaken
>>
>> http://menodizero.it
>>
>


--
Riccardo Magliocchetti
@rmistaken

http://menodizero.it


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Bruno A.
In reply to this post by Raffaele Salmaso-2
It looks like 2.1.6 has unexpected new migrations as well https://code.djangoproject.com/ticket/30174

 Did something go wrong during the release publication?

On Monday, 11 February 2019 12:07:19 UTC, Raffaele Salmaso wrote:
> On Mon, Feb 11, 2019 at 12:25 PM Riccardo Magliocchetti <riccardo.ma...@gmail.com> wrote:
>> InvalidTemplateLibrary: Invalid template library specified. ImportError raised
>> when trying to load 'django.contrib.admin.templatetags.base': cannot import name
>> getfullargspec
>>
>> 1.11.18 works fine for the same test.
>
> Hi Riccardo, please check if you use the correct django version, django.contrib.admin.templatetags.base is there from django 2.1
>
> --
> | Raffaele Salmaso
> | https://salmaso.org
> | https://bitbucket.org/rsalmaso
> | https://github.com/rsalmaso


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Riccardo Magliocchetti
In reply to this post by Raffaele Salmaso-2
On 11/02/19 13:06, Raffaele Salmaso wrote:

> On Mon, Feb 11, 2019 at 12:25 PM Riccardo Magliocchetti <
> [hidden email]> wrote:
>
>> InvalidTemplateLibrary: Invalid template library specified. ImportError
>> raised
>> when trying to load 'django.contrib.admin.templatetags.base': cannot
>> import name
>> getfullargspec
>>
>> 1.11.18 works fine for the same test.
>>
> Hi Riccardo, please check if you use the correct django version,
> django.contrib.admin.templatetags.base is there from django 2.1

Yeah, what I'm reporting is that the wheel pip downloaded here does not match
the 1.11.19 tag in git.

--
Riccardo Magliocchetti
@rmistaken

http://menodizero.it


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Carlton Gibson-3


On Monday, 11 February 2019 13:15:12 UTC+1, riccardo.magliocchetti wrote:

> Yeah, what I'm reporting is that the wheel pip downloaded here does not match
> the 1.11.19 tag in git.

OK. Thanks. I'll have a look.  


Re: Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

Carlton Gibson-3
In reply to this post by Bruno A.


On Monday, 11 February 2019 13:46:04 UTC+1, Bruno Alla wrote:
> Did something go wrong during the release publication?

Yes. Additional files were packaged. (In all except the 2.2b1 release as far as I can tell.) 

I will release updated versions shortly.

I'll then publish a post-mortem.

C. 
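
The mismatch reported in this thread (a wheel whose contents differ from the git tag) can be checked mechanically. The following is an added example, not part of the original messages and not Django's release tooling; the file lists and the in-memory wheel are constructed sample data, and the function names are hypothetical.

```python
import io
import zipfile

# Constructed sample data (not taken from the real release artifacts).
# In practice TAGGED_FILES would be the output of
#   git ls-tree -r --name-only 1.11.19
# and the wheel bytes would be the file pip downloaded.
TAGGED_FILES = [
    "setup.py",
    "django/__init__.py",
    "django/contrib/admin/templatetags/admin_list.py",
]


def build_constructed_wheel():
    """Build a tiny in-memory wheel that carries one file the tag lacks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in (
            "django/__init__.py",
            "django/contrib/admin/templatetags/admin_list.py",
            "django/contrib/admin/templatetags/base.py",  # absent from the tag
            "Django-1.11.19.dist-info/RECORD",
        ):
            zf.writestr(name, "")
    return buf.getvalue()


def wheel_payload(wheel_bytes):
    """Paths of the files a wheel installs, minus its *.dist-info metadata."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return {
            n for n in zf.namelist()
            if not n.endswith("/") and ".dist-info/" not in n
        }


def compare_wheel_to_tag(wheel_bytes, tagged_files, package="django/"):
    """Return (extra, missing): files only in the wheel, files only in the tag."""
    shipped = wheel_payload(wheel_bytes)
    tagged = {p for p in tagged_files if p.startswith(package)}
    return sorted(shipped - tagged), sorted(tagged - shipped)


if __name__ == "__main__":
    extra, missing = compare_wheel_to_tag(build_constructed_wheel(), TAGGED_FILES)
    for path in extra:
        print("in wheel, not in tag:", path)
    for path in missing:
        print("in tag, not in wheel:", path)
```

A non-empty `extra` list in a release pipeline is a reason to stop before uploading; files that are legitimately generated at build time would need an explicit allowlist.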
