Django 1.3’s focus has mostly been on resolving smaller, long-standing feature
requests, but that hasn’t prevented a few fairly significant new features from
landing, including:
* A framework for writing class-based views.
* Built-in support for using Python’s logging facilities.
* Contrib support for easy handling of static files.
* Django’s testing framework now supports (and ships with a copy of) the
unittest2 library.
- Fix a bug in the admin interface that could leak information to
users with staff privileges bypassing lookup arguments in the query
string.
- Fix a bug for running the test suite in a multi-db setup
- Deprecated django.contrib.gis.tests.run_gis_tests()
- Properly deal with non-ASCII responses in the CSRF code
- Restore compatibility with certain forms like the user-editing form in
admin
Reduce maintenance overhead in pkgsrc by providing PLIST print magic.
As of the 1.2 release, the core Django framework includes a system, enabled by
default, for detecting and preventing cross-site request forgery (CSRF) attacks
against Django-powered applications. Previous Django releases provided
a different, optionally-enabled system for the same purpose.
The Django 1.2 CSRF protection system involves the generation of a random
token, inserted as a hidden field in outgoing forms. The same value is also
set in a cookie, and the cookie value and form value are compared on submission.
The provided template tag for inserting the CSRF token into forms --
{% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is.
Thus, an attacker who is able to tamper with the value of the CSRF cookie can
cause arbitrary content to be inserted, unescaped, into the outgoing HTML of
the form, enabling cross-site scripting (XSS) attacks.
This issue was first reported via a public ticket in Django's Trac instance;
while being triaged it was then independently reported, with broader
description, by Jeff Balogh of Mozilla.
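
The flaw described above, sketched as an added example (not Django's source code and not part of the original commit message): a token field rendered straight from the cookie, next to a version that validates the token and escapes it on output. All function names and the 32-character alphanumeric token format are assumptions made for this sketch.

```python
import html
import re
import secrets

# Hypothetical names throughout; this models the behaviour described above
# and is not Django's implementation.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{32}")  # assumed token format for this sketch

FIELD = "<input type='hidden' name='csrfmiddlewaretoken' value='{}' />"


def render_trusting(cookie_value):
    """The flawed pattern: the cookie value is echoed into the HTML as-is."""
    return FIELD.format(cookie_value)


def accept_or_replace(cookie_value):
    """Keep a well-formed token; replace anything else with a fresh one."""
    if cookie_value and TOKEN_RE.fullmatch(cookie_value):
        return cookie_value
    return secrets.token_hex(16)  # 32 hex characters, matches TOKEN_RE


def render_hardened(cookie_value):
    """Validate the token first, then escape on output as a second layer."""
    token = accept_or_replace(cookie_value)
    return FIELD.format(html.escape(token, quote=True))


def submission_ok(cookie_value, form_value):
    """Cookie/form comparison on submission, done in constant time."""
    if not (cookie_value and form_value):
        return False
    return secrets.compare_digest(cookie_value.encode(), form_value.encode())


# Constructed sample inputs.
GOOD = "a" * 32
TAMPERED = "x'><b>injected</b><input value='"

if __name__ == "__main__":
    print(render_trusting(TAMPERED))   # markup from the cookie lands in the page
    print(render_hardened(TAMPERED))   # tampered value discarded, fresh token used
```
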
- Support multiple databases in one Django instance
- Model validation inspired by the Form validation
- Vastly improved protection against Cross-Site Request Forgery
- New user "message" framework, incl. support for anonymous users
- Hooks for object-level permissions and permissions for anonymous users
- Customization of e-mail sending via the new e-mail backend
- Smarter if template tag
- Support for aggregates and query expressions in the ORM
- Support for unmanaged models and proxy models
- Support for deferred fields
- Mark individual fields as editable in the admin; support for custom
actions
- Better support for Last-Modified/ETag
- Improved GIS support
- {% for %} now has an {% empty %} to simplify handling empty lists
- Various smaller improvements
were moved or renamed.
This was for some from 2008 and 2009 and one from 2001.
Also I noticed that a CHANGES entry was wrong as it said "Renamed"
when it should have said "Moved" (lua-OSBF) because PKGBASE stayed the
same.
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
The main goal of the 0.96 release is to clean up and stabilise the
features from 0.95.
Incompatible changes:
- constraint names changed in some cases, this can affect manage.py
reset on old databases
- some names in manage.py changed
- backslash escaping is done more consistently
- ENABLE_PSYCO is gone
Important changes:
- merge of newforms
- URLconf takes normal callables
- new test framework
- passwords for users can be entered as normal text in the admin
interface, no need to hash manually
In addition: dropped py-setuptools dependency.
code is shared with psycopg1.
Include a small patch to make keyword mistakes in query args much
more obvious (from django svn). Other users might be as stupid as
the maintainer. Bump revision.
* A patch for a small security vulnerability in the script Django's
internationalization system uses to compile translation files.
* A fix for a bug in Django's authentication middleware which could cause
apparent "caching" of a logged-in user.
* A patch which disables debugging mode in the flup FastCGI package
Django uses to launch its FastCGI server, which prevents tracebacks
from bubbling up during production use.
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.