Django 1.11.5 release notes — Django documentation
Django 1.11.5 release notes
September 5, 2017
Django 1.11.5 fixes a security issue and several bugs in 1.11.4.
CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with DEBUG = True (which makes this page accessible) in your production settings.
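A static check for the two conditions named above, a settings file that leaves DEBUG on and a 1.11.x release older than 1.11.5. This is an added example, not part of the release notes or of Django; the function names, finding codes and sample settings files are hypothetical, and only the 1.11 series is checked because that is all these notes cover.

```python
import ast
import re

FIXED_IN = (1, 11, 5)  # first 1.11.x release carrying the fix, per these notes

def debug_setting(settings_source):
    """Return True/False for a literal DEBUG, "dynamic" if computed, None if unset.
    The last module-level assignment wins, as it does when the module is imported."""
    state = None
    for node in ast.parse(settings_source).body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in targets):
            value = node.value
            state = bool(value.value) if isinstance(value, ast.Constant) else "dynamic"
    return state

def parse_version(text):
    """'1.11.4' -> (1, 11, 4); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def audit(settings_source, django_version):
    """Return a list of (code, message) findings for one settings file."""
    findings = []
    debug = debug_setting(settings_source)
    if debug is True:
        findings.append(("debug-on", "DEBUG is literally true: the technical 500 page is served"))
    elif debug == "dynamic":
        findings.append(("debug-dynamic", "DEBUG is computed: confirm it is False in production"))
    version = parse_version(django_version)
    # Assumption: only the 1.11 series is compared, since these notes cover nothing else.
    if version[:2] == (1, 11) and version < FIXED_IN:
        findings.append(("unpatched-1.11", "Django %s predates 1.11.5" % django_version))
    return findings

# Constructed sample settings files (not taken from any real project).
SAMPLE_DEV = 'import os\nDEBUG = True\nALLOWED_HOSTS = []\n'
SAMPLE_ENV = 'import os\nDEBUG = os.environ.get("DJANGO_DEBUG") == "1"\n'
SAMPLE_PROD = 'DEBUG = False\n'

if __name__ == "__main__":
    for name, src in [("dev", SAMPLE_DEV), ("env", SAMPLE_ENV), ("prod", SAMPLE_PROD)]:
        print(name, audit(src, "1.11.4"))
```

Because the check parses the file instead of importing it, it works on settings that cannot be loaded in the audit environment; a computed DEBUG is reported for manual confirmation and is not evaluated.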
Bugfixes
- Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2) (#28441).
- Added compatibility for cx_Oracle 6 (#28498).
- Fixed select widget rendering when option values are tuples (#28502).
- Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in ticket #28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.
- Added POST request support to LogoutView, for equivalence with the function-based logout() view (#28513).
- Omitted pages_per_range from BrinIndex.deconstruct() if it’s None (#25809).
- Fixed a regression where SelectDateWidget localized the years in the select box (#28530).
- Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows (#28487).
- Fixed a regression in Django 1.10 where changes to a ManyToManyField weren’t logged in the admin change history (#27998) and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes (#28543).
- Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins (#26522).
- Fixed a regression in contrib.auth’s login() and logout() views where they ignored positional arguments (#28550).