mirror of https://github.com/django/django.git
106 lines
4.7 KiB
Plaintext
106 lines
4.7 KiB
Plaintext
==========================
|
||
Django 1.9.2 release notes
|
||
==========================
|
||
|
||
*February 1, 2016*
|
||
|
||
Django 1.9.2 fixes a security regression in 1.9 and several bugs in 1.9.1. It
|
||
also makes a small backwards incompatible change that hopefully doesn't affect
|
||
any users.
|
||
|
||
Security issue: User with "change" but not "add" permission can create objects for ``ModelAdmin``’s with ``save_as=True``
|
||
=========================================================================================================================
|
||
|
||
If a ``ModelAdmin`` uses ``save_as=True`` (not the default), the admin
|
||
provides an option when editing objects to "Save as new". A regression in
|
||
Django 1.9 prevented that form submission from raising a "Permission Denied"
|
||
error for users without the "add" permission.
|
||
|
||
Backwards incompatible change: ``.py-tpl`` files rewritten in project/app templates
|
||
===================================================================================
|
||
|
||
The addition of some Django template language syntax to the default app
|
||
template in Django 1.9 means those files now have some invalid Python syntax.
|
||
This causes difficulties for packaging systems that unconditionally
|
||
byte-compile ``*.py`` files.
|
||
|
||
To remedy this, a ``.py-tpl`` suffix is now used for the project and app
|
||
template files included in Django. The ``.py-tpl`` suffix is replaced with
|
||
``.py`` by the ``startproject`` and ``startapp`` commands. For example, a
|
||
template with the filename ``manage.py-tpl`` will be created as ``manage.py``.
|
||
|
||
Please file a ticket if you have a custom project template containing
|
||
``.py-tpl`` files and find this behavior problematic.
|
||
|
||
Bugfixes
|
||
========
|
||
|
||
* Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match``
|
||
checks to always return HTTP 200 (:ticket:`26024`).
|
||
|
||
* Fixed a regression that caused the "user-tools" items to display on the
|
||
admin's logout page (:ticket:`26035`).
|
||
|
||
* Fixed a crash in the translations system when the current language has no
|
||
translations (:ticket:`26046`).
|
||
|
||
* Fixed a regression that caused the incorrect day to be selected when opening
|
||
the admin calendar widget for timezones from GMT+0100 to GMT+1200
|
||
(:ticket:`24980`).
|
||
|
||
* Fixed a regression in the admin's edit related model popup that caused an
|
||
escaped value to be displayed in the select dropdown of the parent window
|
||
(:ticket:`25997`).
|
||
|
||
* Fixed a regression in 1.8.8 causing incorrect index handling in migrations on
|
||
PostgreSQL when adding ``db_index=True`` or ``unique=True`` to a
|
||
``CharField`` or ``TextField`` that already had the other specified, or when
|
||
removing one of them from a field that had both, or when adding
|
||
``unique=True`` to a field already listed in ``unique_together``
|
||
(:ticket:`26034`).
|
||
|
||
* Fixed a regression where defining a relation on an abstract model's field
|
||
using a string model name without an app_label no longer resolved that
|
||
reference to the abstract model's app if using that model in another
|
||
application (:ticket:`25858`).
|
||
|
||
* Fixed a crash when destroying an existing test database on MySQL or
|
||
PostgreSQL (:ticket:`26096`).
|
||
|
||
* Fixed CSRF cookie check on POST requests when ``USE_X_FORWARDED_PORT=True``
|
||
(:ticket:`26094`).
|
||
|
||
* Fixed a ``QuerySet.order_by()`` crash when ordering by a relational field of
|
||
a ``ManyToManyField`` ``through`` model (:ticket:`26092`).
|
||
|
||
* Fixed a regression that caused an exception when making database queries on
|
||
SQLite with more than 2000 parameters when :setting:`DEBUG` is ``True`` on
|
||
distributions that increase the ``SQLITE_MAX_VARIABLE_NUMBER`` compile-time
|
||
limit to over 2000, such as Debian (:ticket:`26063`).
|
||
|
||
* Fixed a crash when using a reverse ``OneToOneField`` in
|
||
``ModelAdmin.readonly_fields`` (:ticket:`26060`).
|
||
|
||
* Fixed a crash when calling the ``migrate`` command in a test case with the
|
||
``available_apps`` attribute pointing to an application with migrations
|
||
disabled using the ``MIGRATION_MODULES`` setting (:ticket:`26135`).
|
||
|
||
* Restored the ability for testing and debugging tools to determine the
|
||
template from which a node came from, even during template inheritance or
|
||
inclusion. Prior to Django 1.9, debugging tools could access the template
|
||
origin from the node via ``Node.token.source[0]``. This was an undocumented,
|
||
private API. The origin is now available directly on each node using the
|
||
``Node.origin`` attribute (:ticket:`25848`).
|
||
|
||
* Fixed a regression in Django 1.8.5 that broke copying a ``SimpleLazyObject``
|
||
with ``copy.copy()`` (:ticket:`26122`).
|
||
|
||
* Always included ``geometry_field`` in the GeoJSON serializer output regardless
|
||
of the ``fields`` parameter (:ticket:`26138`).
|
||
|
||
* Fixed the ``contrib.gis`` map widgets when using
|
||
``USE_THOUSAND_SEPARATOR=True`` (:ticket:`20415`).
|
||
|
||
* Made invalid forms display the initial of values of their disabled fields
|
||
(:ticket:`26129`).
|