Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2025-07-08 15:28:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.7373 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Tue Jul 8 15:28:05 2025 rev:133 rq:1290998 version:5.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2025-06-10 08:59:48.769828010 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.7373/python-Django.changes 2025-07-08 15:28:22.996600086 +0200 @@ -1,0 +2,16 @@ +Thu Jul 3 12:47:34 UTC 2025 - Markéta Machová <mmach...@suse.com> + +- Update to 5.2.4 + * Fixed a log injection possibility by migrating remaining response logging + to django.utils.log.log_response(), which safely escapes arguments + such as the request path to prevent unsafe log output (CVE 2025-48432). + * Fixed a regression in Django 5.2 that caused QuerySet.bulk_update() to + incorrectly convert None to JSON null instead of SQL NULL for JSONField + * Fixed a regression in Django 5.2.2 where the q parameter was removed from + the internal django.http.MediaType.params property + * Fixed a regression in Django 5.2.2 where HttpRequest.get_preferred_type() + incorrectly preferred more specific media types with a lower quality + * Fixed a crash in Django 5.2 when performing an __in lookup involving a + composite primary key and a subquery on certain backends + +------------------------------------------------------------------- Old: ---- Django-5.2.2.checksum.txt django-5.2.2.tar.gz New: ---- Django-5.2.4.checksum.txt django-5.2.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.7U1nsq/_old 2025-07-08 15:28:23.804633866 +0200 +++ /var/tmp/diff_new_pack.7U1nsq/_new 2025-07-08 15:28:23.804633866 +0200 @@ -21,7 +21,7 @@ %bcond_with memcached %{?sle15_python_module_pythons} Name: python-Django -Version: 5.2.2 +Version: 5.2.4 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-5.2.2.checksum.txt -> Django-5.2.4.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-5.2.2.checksum.txt 2025-06-10 08:59:48.649823058 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.7373/Django-5.2.4.checksum.txt 2025-07-08 15:28:22.048560453 +0200 @@ -2,7 +2,7 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 5.2.2, released June 4, 2025. +source-code tarball and wheel files of Django 5.2.4, released July 2, 2025. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have @@ -19,7 +19,7 @@ Once the key is imported, verify this file: - gpg --verify Django-5.2.2.checksum.txt + gpg --verify Django-5.2.4.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,41 +28,41 @@ Release packages ================ -https://www.djangoproject.com/download/5.2.2/tarball/ -https://www.djangoproject.com/download/5.2.2/wheel/ +https://www.djangoproject.com/download/5.2.4/tarball/ +https://www.djangoproject.com/download/5.2.4/wheel/ MD5 checksums ============= -782577f532efab32f8119a7071f55d04 django-5.2.2.tar.gz -5d85fa7778bd65981714e562012a5626 django-5.2.2-py3-none-any.whl +6ecc4875e8cdc08706faea1cc4740fdf django-5.2.4.tar.gz +fee657f7686462d388f274c5f92b634a django-5.2.4-py3-none-any.whl SHA1 checksums ============== -87dff3ef8d00b15491d5bb64b2404caf66d8ae59 django-5.2.2.tar.gz -7964171a3e17b3e3e8aeb2d2bff763d128836d74 django-5.2.2-py3-none-any.whl +de45d44e1bb2ceb1c08b8fd0846de920874f71a1 django-5.2.4.tar.gz +a6a7904e3749a0e8937a50643293889929b4b6f7 django-5.2.4-py3-none-any.whl SHA256 checksums ================ -85852e517f84435e9b13421379cd6c43ef5b48a9c8b391d29a26f7900967e952 django-5.2.2.tar.gz -997ef2162d04ead6869551b22cde4e06da1f94cf595f4af3f3d3afeae1f3f6fe django-5.2.2-py3-none-any.whl +a1228c384f8fa13eebc015196db7b3e08722c5058d4758d20cb287503a540d8f django-5.2.4.tar.gz +60c35bd96201b10c6e7a78121bd0da51084733efa303cc19ead021ab179cef5e django-5.2.4-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhAMRIoHDEyNDMwNCtu -ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPmgqD/9b -ON8sroesSKb2lAdjUe2XFKceWBpSjySACsPwLko5gPhfxJ9gn0XEDQccYw6U4KkJ -PbRlrKKNr1zqX3IfRoggg3E6GU/rw9LUqgB2GByuBRjyZe29bF0KWiLWVmjLL6c8 -WszgKZxYu73vBfHcY1StLVSGMHxMlolvWikhpS4taHKOsYLmYxFnPdDeLjC/hYyb -tYjfdaKgDm5czpy9Put+Kzu15KcW0PqHAuPJtcGHo3l7lfRSd/m9X6iNtUXmsN8J -H8kLEzfG91tUuHl7UgFpZpSEGqnRV/dM+s+fKeVJC9t6Jsu8lbQp3omMaBl/SCwV -qicA9Go9cqUoDLz8JSkv0YCOGAyUZyOvjlW8zAkoRQuCcEkDxLh2VsdRRB7Z0E7K -SvDq03XZwXeBUpQAbkoZ+TpS4EoiydY7I7PTq5k+yzMEoid+k7sRclfndeTpAmPf -7Xtq3KDPnIKo+7maECiKVeEfCUIgxXygEz3fbrYTn9LcDcFnGWKA9/DH/9yD4+zR -AS4RI0k0PUWzbq/6+A+3BqQTo75dLxm/BHpyd9NoddYIsuhwlLq3IU+SopR8vG2/ -bydqaovZuiyHS59vGgMuAFJIaeW5/TW8zoLvRVekVG0nCVgcj17pR7zqa6EGKefS -6ydabjbxzeFC3qdYiOIneghfIUnk3HeVQRLd0Vw58w== -=Pk1M +iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhlfcIoHDEyNDMwNCtu +ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPj5DD/94 +KOuOZ5JHtZWknqi1JeV1akzB/RpY7lhL9SbJbVXhdAxOY9Cn4eUG7NsPWa9JnhX1 +F/2geBE5mjOZen4ARtGHWxa5vqidqUbscrU9AkqPLn6aecEKi2jXXNkYmmWw/37K +wb92BQtuWkaXyiZ4E6Sledx9yFhcqMDFg27CdNYfAqUWofI6zzSmLIzOlOSVR9Sc +uDrfRqQ4GXlRGT5pIkcIxE0ZKToUYrKgn99PZOmBcLfJgQ4VBt62J6SzZAhhElb3 +DUMcVhG2XNIhg7v7DwlVodowDYQdRi2H/ahAa7/m1+uugRbysoGSLLwP+50tDjlj +07zxoJsrL5R9zaMp4pcXQN4bUy3rDz94DkjlXO51f8LwDdStvk4VOYan1W5S9BhP +R0conCFfcg4+iK0pV5e/GeeTwBRHQw8p5RuWfrEpKFi/XQtT0u01hqUGppeuZ9wI +f+Ud9RA8Nrw0ouli4WvfH0RVFuMgUFqScwO88oatuUH5CDPjlV+5usNb7FrmZXv6 +AWRopONOcYGF07+FYh0nsoE8enWyxE+JWTJzxT5PGZ3buUO0hlnJ+auoJv8yOVii +ELCSUyi93glWonCBrS41XrNO6+6K/8V9V6iv9/PdGwF1GszbX5Rx4e2lDMA7crYh +1qKGaV3+iAO+Y+vXt6VTy6h5GLg9hun+RQ8TU3Guyg== +=d9C5 -----END PGP SIGNATURE----- ++++++ django-5.2.2.tar.gz -> django-5.2.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/django-5.2.2.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.7373/django-5.2.4.tar.gz differ: char 5, line 1