mirror of https://github.com/django/django.git
63 lines
2.6 KiB
Plaintext
63 lines
2.6 KiB
Plaintext
==========================
|
||
Django 1.8.2 release notes
|
||
==========================
|
||
|
||
*May 20, 2015*
|
||
|
||
Django 1.8.2 fixes a security issue and several bugs in 1.8.1.
|
||
|
||
Fixed session flushing in the ``cached_db`` backend
|
||
===================================================
|
||
|
||
A change to ``session.flush()`` in the ``cached_db`` session backend in Django
|
||
1.8 mistakenly sets the session key to an empty string rather than ``None``. An
|
||
empty string is treated as a valid session key and the session cookie is set
|
||
accordingly. Any users with an empty string in their session cookie will use
|
||
the same session store. ``session.flush()`` is called by
|
||
``django.contrib.auth.logout()`` and, more seriously, by
|
||
``django.contrib.auth.login()`` when a user switches accounts. If a user is
|
||
logged in and logs in again to a different account (without logging out) the
|
||
session is flushed to avoid reuse. After the session is flushed (and its
|
||
session key becomes ``''``) the account details are set on the session and the
|
||
session is saved. Any users with an empty string in their session cookie will
|
||
now be logged into that account.
|
||
|
||
Bugfixes
|
||
========
|
||
|
||
* Fixed check for template engine alias uniqueness (:ticket:`24685`).
|
||
|
||
* Fixed crash when reusing the same ``Case`` instance in a query
|
||
(:ticket:`24752`).
|
||
|
||
* Corrected join promotion for ``Case`` expressions. For example, annotating a
|
||
query with a ``Case`` expression could unexpectedly filter out results
|
||
(:ticket:`24766`).
|
||
|
||
* Fixed negated ``Q`` objects in expressions. Cases like
|
||
``Case(When(~Q(friends__age__lte=30)))`` tried to generate a subquery which
|
||
resulted in a crash (:ticket:`24705`).
|
||
|
||
* Fixed incorrect GROUP BY clause generation on MySQL when the query's model
|
||
has a self-referential foreign key (:ticket:`24748`).
|
||
|
||
* Implemented ``ForeignKey.get_db_prep_value()`` so that ``ForeignKey``\s
|
||
pointing to :class:`~django.db.models.UUIDField` and inheritance on models
|
||
with ``UUIDField`` primary keys work correctly (:ticket:`24698`,
|
||
:ticket:`24712`).
|
||
|
||
* Fixed ``isnull`` lookup for ``HStoreField`` (:ticket:`24751`).
|
||
|
||
* Fixed a MySQL crash when a migration removes a combined index (unique_together
|
||
or index_together) containing a foreign key (:ticket:`24757`).
|
||
|
||
* Fixed session cookie deletion when using :setting:`SESSION_COOKIE_DOMAIN`
|
||
(:ticket:`24799`).
|
||
|
||
* On PostgreSQL, when no access is granted for the ``postgres`` database,
|
||
Django now falls back to the default database when it normally requires a
|
||
"no database" connection (:ticket:`24791`).
|
||
|
||
* Fixed display of ``contrib.admin``’s ``ForeignKey`` widget when it's used
|
||
in a row with other fields (:ticket:`24784`).
|