Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django6 for openSUSE:Factory checked in at 2026-04-09 16:09:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django6 (Old) and /work/SRC/openSUSE:Factory/.python-Django6.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django6" Thu Apr 9 16:09:53 2026 rev:5 rq:1345436 version:6.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django6/python-Django6.changes 2026-03-04 21:10:42.838076218 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.21863/python-Django6.changes 2026-04-09 16:22:55.086003064 +0200 @@ -1,0 +2,22 @@ +Thu Apr 9 06:57:36 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 6.0.4 + * CVE-2026-3902: ASGI header spoofing via underscore/hyphen + conflation (bsc#1261729) + * CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin + (bsc#1261731) + * CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable + (bsc#1261732) + * CVE-2026-33033: Potential denial-of-service vulnerability in + MultiPartParser via base64-encoded file upload (bsc#1261722) + * CVE-2026-33034: Potential denial-of-service vulnerability in + ASGI requests via memory upload limit bypass (bsc#1261724) + * Fixed a regression in Django 6.0 where alogin() and alogout() did not + respectively set or clear request.user if it had already been materialized + * Fixed a regression in Django 6.0 in admin forms where RelatedFieldWidgetWrapper + incorrectly wrapped all widgets in a <fieldset> + * Fixed a bug in Django 6.0 where the fields.E348 system check did not + detect name clashes between model managers and related_names for + non-self-referential relationships + +------------------------------------------------------------------- Old: ---- Django-6.0.3.checksum.txt django-6.0.3.tar.gz New: ---- Django-6.0.4.checksum.txt django-6.0.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django6.spec ++++++ --- /var/tmp/diff_new_pack.xC8W8Y/_old 2026-04-09 16:22:55.726029325 +0200 +++ /var/tmp/diff_new_pack.xC8W8Y/_new 2026-04-09 16:22:55.730029489 +0200 @@ -27,7 +27,7 @@ %endif %define skip_python311 1 Name: python-Django6 -Version: 6.0.3 +Version: 6.0.4 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-6.0.3.checksum.txt -> Django-6.0.4.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django6/Django-6.0.3.checksum.txt 2026-03-04 21:10:42.682069818 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.21863/Django-6.0.4.checksum.txt 2026-04-09 16:22:54.377974012 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 6.0.3, released March 3, 2026. +source-code tarball and wheel files of Django 6.0.4, released April 7, 2026. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``2EE82A8D9470983E`` and can be imported from the MIT +the ID ``131403F4D16D8DC7`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E + gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 or via the GitHub API: - curl https://github.com/nessita.gpg | gpg --import - + curl https://github.com/jacobtylerwalls.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-6.0.3.checksum.txt + gpg --verify Django-6.0.4.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,40 +28,40 @@ Release packages ================ -https://www.djangoproject.com/download/6.0.3/tarball/ -https://www.djangoproject.com/download/6.0.3/wheel/ +https://www.djangoproject.com/download/6.0.4/tarball/ +https://www.djangoproject.com/download/6.0.4/wheel/ MD5 checksums ============= -0bb395b518e2f2f17e1a936deb7ba74c django-6.0.3.tar.gz -2c2f28f5318c7351f7d9d2c33837d6d4 django-6.0.3-py3-none-any.whl +9d429cbef8c8357a480d0b920dd9a956 django-6.0.4.tar.gz +48574fa2e00fde976bd35d62f336bcd7 django-6.0.4-py3-none-any.whl SHA1 checksums ============== -d8d4b3495ec33a794c7723819c2a40dbf58dcc84 django-6.0.3.tar.gz -6d8377bdabf9d7a433fbab63a31e086759dc1ee5 django-6.0.3-py3-none-any.whl +89cd1b49c06b176b414138a5af1cfa3d340673a4 django-6.0.4.tar.gz +b1e01ebdd99e6d06de34a8e92e62da256eaf5e8e django-6.0.4-py3-none-any.whl SHA256 checksums ================ -90be765ee756af8a6cbd6693e56452404b5ad15294f4d5e40c0a55a0f4870fe1 django-6.0.3.tar.gz -2e5974441491ddb34c3f13d5e7a9f97b07ba03bf70234c0a9c68b79bbb235bc3 django-6.0.3-py3-none-any.whl +8cfa2572b3f2768b2e84983cf3c4811877a01edb64e817986ec5d60751c113ac django-6.0.4.tar.gz +14359c809fc16e8f81fd2b59d7d348e4d2d799da6840b10522b6edf7b8afc1da django-6.0.4-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmmm0KEACgkQLugqjZRw -mD7m3g//Szi3XWosbzJnf0nVlq+lpL9Z7Zn96jJjkIgwxap4z3b0Wly/41Bwkqdr -L7CTxsNjUki3X9JfklqQd30oprmgWpl/1uGejOMPmu8aSOypGT/MTQJF08Cwi7XJ -daAOVDDmPMlwTLEIl9PLV99Da477O4HaNSi8w6wW1QUGJ9JfUdkTXTsQUTG3RSbf -Xc7vu/4cyUFp4gSifFUIRKqUBiwhI9jDBmOEtrEO+d/nrfc4pLJFVg28r+T6gQY1 -G0EpBuLRrkhyusr0cqhYUAJB7t5eKjEFcTb5r2ugNV7+UDWcesnlyCFoT8Ot90CR -nxTm3XN2aiWFJzve+AVuNRUvA6O4Z2p7Zqy3BMmF6/RFVVtlVQVpV3eH9UpV2i6v -xJQ0FW9qYeY9c6GxCnTOVHpzgHoNcrP60qSzkZ2OCjixz+PkbWH/NJ7w5zDHYb6m -IqD49jYUn18lYAXi/q60NpyxIAe+6z9g0C6kyzeknAOKqo6ntx6s1iYiKNxUbkhL -jtrlJxuoI7cO7QtOCDFOut8r+F98IaDACIx+gF8aJUhoeI9H561UZt1gvoYQfS+T -jlV1MVd8ttlAKNYfTrtB4cJGeUSFSrCfL0MAA1i+hzxQZ93SEmfE2HS5ffhtFFYz -2pSQOE/o2U4RD3TJWN0BiwVjMRlacu7aBjXk4rLc/LBikXHX0vw= -=VG3Q +iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmnU6kMACgkQExQD9NFt +jcewLQ/+KngEy8SFtlTxorDI4JGiYsxH91BU02Ji/kcVo0npW9ZW609FOKFfevd6 +i3bDzS0wmOjT5NBUaK0gik13fYaOCzjW4aJLuwvZ5q3Vw695mXa3vExrF/tRHAFW +Aqw3FwYp3mFtwdYQjQzrjI8HRm3w6KXmIL/VRxpDxAkMvDOASbd659dJ5waC4cvW +SsJf052BqSrP75Cj00xo7zLQAhcofy6Jpmbtc4FGJp5PaflP+HPJYnZYIceclhM/ +y/3shWZA/mYk1Rx4vvhPDBykeHuYt2bbYYmRglygwfAe4G1lny303/l31gQdZLtY +Ooi87RXknbLiDocjG3ylRlxyX46goaS/gvMQQBXctfM6VbLHTqq1nDrGK7DBxVjx +nmEoJI9kaZ73PflNlXXd+aE/kPBsZC1NMpjjBmDGHzWyyiUTDxY0tDMA4py6wHUx +QSjNq4VGyqh0JJgIsZ7ymoC3vMfxtFz87svH0vJOf9WAYO5gQn72Ltw6/fHO9lz9 +SnFvFkYZ8icV6VaeSa4YThGhguLsuxl7cdliAjmhzNkDRxmTFK4n+qJeBMHBEJmc +aAM+PRIwhkLb44b6gUgTs6QLYCor9jHiNpLZJyJ/R6iH5uUO+Z1tDY/E2colylxQ +Nr5FB4iFqVdXqZDT1f1mxsyfDo7ci0gGXzWziTQ7ESr3n4y2/ds= +=RySd -----END PGP SIGNATURE----- ++++++ django-6.0.3.tar.gz -> django-6.0.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django6/django-6.0.3.tar.gz /work/SRC/openSUSE:Factory/.python-Django6.new.21863/django-6.0.4.tar.gz differ: char 5, line 1
