Bugfixes

• Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input (:ticket:`26325`).
• Fixed a race condition in BaseCache.get_or_set() (:ticket:`26332`). It now returns the default value instead of False if there’s an error when trying to add the value to the cache.
• Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None (:ticket:`26324`).
• The forms in contrib.auth no longer strip trailing and leading whitespace from the password fields (:ticket:`26334`). The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django.
• Fixed a memory leak in the cached template loader (:ticket:`26306`).
• Fixed a regression that caused collectstatic --clear to fail if the storage doesn’t implement path() (:ticket:`26297`).
• Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has a to_field set to something other than the primary key (:ticket:`26373`).
• Fixed a regression in CommonMiddleware that caused spurious warnings in logs on requests missing a trailing slash (:ticket:`26293`).
• Restored the functionality of the admin’s raw_id_fields in list_editable (:ticket:`26387`).
• Fixed a regression with abstract model inheritance and explicit parent links (:ticket:`26413`).
• Fixed a migrations crash on SQLite when renaming the primary key of a model containing a ForeignKey to 'self' (:ticket:`26384`).
• Fixed JSONField inadvertently escaping its contents when displaying values after failed form validation (:ticket:`25532`).