Django 1.9.5 release notes

April 1, 2016

Django 1.9.5 fixes several bugs in 1.9.4.

Bugfixes

  • Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input (#%s26325).
  • Fixed a race condition in BaseCache.get_or_set() (#%s26332). It now returns the default value instead of False if there’s an error when trying to add the value to the cache.
  • Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None (#%s26324).
  • The forms in contrib.auth no longer strip trailing and leading whitespace from the password fields (#%s26334). The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django.
  • Fixed a memory leak in the cached template loader (#%s26306).
  • Fixed a regression that caused collectstatic --clear to fail if the storage doesn’t implement path() (#%s26297).
  • Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has a to_field set to something other than the primary key (#%s26373).
  • Fixed a regression in CommonMiddleware that caused spurious warnings in logs on requests missing a trailing slash (#%s26293).
  • Restored the functionality of the admin’s raw_id_fields in list_editable (#%s26387).
  • Fixed a regression with abstract model inheritance and explicit parent links (#%s26413).
  • Fixed a migrations crash on SQLite when renaming the primary key of a model containing a ForeignKey to 'self' (#%s26384).
  • Fixed JSONField inadvertently escaping its contents when displaying values after failed form validation (#%s25532).
up