Django security releases issued: 2.1.6, 2.0.11, and 1.11.19

216 views
Skip to first unread message

Carlton Gibson

unread,
Feb 11, 2019, 6:02:38 AM2/11/19
to Django developers (Contributions to Django itself), django-...@googlegroups.com, django...@googlegroups.com
Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our security process. These releases address a security issue, and we encourage all users to upgrade as soon as possible:

https://www.djangoproject.com/weblog/2019/feb/11/security-releases/

Riccardo Magliocchetti

unread,
Feb 11, 2019, 6:26:04 AM2/11/19
to django-d...@googlegroups.com
Hello Carlton,

Il 11/02/19 12:02, Carlton Gibson ha scritto:
> Today the Django team issued 2.1.6, 2.0.11, and 1.11.19 as part of our security process. These releases address a security issue, and we encourage all users to upgrade as soon as possible:
>
> https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
>

1.11.19 blew my tests on python 2.7, python3 works fine:
File "/usr/local/lib/python2.7/site-packages/django/template/base.py", line
184, in __init__
engine = Engine.get_default()
File "/usr/local/lib/python2.7/site-packages/django/utils/lru_cache.py", line
124, in wrapper
result = user_function(*args, **kwds)
File "/usr/local/lib/python2.7/site-packages/django/template/engine.py", line
76, in get_default
django_engines = [engine for engine in engines.all()
File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line
89, in all
return [self[alias] for alias in self]
File "/usr/local/lib/python2.7/site-packages/django/template/utils.py", line
80, in __getitem__
engine = engine_cls(params)
File
"/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
line 30, in __init__
options['libraries'] = self.get_templatetag_libraries(libraries)
File
"/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
line 48, in get_templatetag_libraries
libraries = get_installed_libraries()
File
"/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
line 113, in get_installed_libraries
for name in get_package_libraries(pkg):
File
"/usr/local/lib/python2.7/site-packages/django/template/backends/django.py",
line 130, in get_package_libraries
"trying to load '%s': %s" % (entry[1], e)
InvalidTemplateLibrary: Invalid template library specified. ImportError raised
when trying to load 'django.contrib.admin.templatetags.base': cannot import name
getfullargspec

1.11.18 works fine for the same test.

--
Riccardo Magliocchetti
@rmistaken

http://menodizero.it

Carlton Gibson

unread,
Feb 11, 2019, 6:58:54 AM2/11/19
to Django developers (Contributions to Django itself)
Hi Riccardo. 

Please open a Trac ticket for this. (Current test suite passes, so it looks like we're missing coverage somewhere.) 
Thanks.

Raffaele Salmaso

unread,
Feb 11, 2019, 7:07:19 AM2/11/19
to django-d...@googlegroups.com
On Mon, Feb 11, 2019 at 12:25 PM Riccardo Magliocchetti <riccardo.ma...@gmail.com> wrote:
InvalidTemplateLibrary: Invalid template library specified. ImportError raised
when trying to load 'django.contrib.admin.templatetags.base': cannot import name
getfullargspec

1.11.18 works fine for the same test.
Hi Riccardo, please check if you use the correct django version, django.contrib.admin.templatetags.base is there from django 2.1

--

Riccardo Magliocchetti

unread,
Feb 11, 2019, 7:09:24 AM2/11/19
to django-d...@googlegroups.com
Hello Carlton,

filed here:
https://code.djangoproject.com/ticket/30175

Il 11/02/19 12:58, Carlton Gibson ha scritto:

Riccardo Magliocchetti

unread,
Feb 11, 2019, 7:15:12 AM2/11/19
to django-d...@googlegroups.com
Il 11/02/19 13:06, Raffaele Salmaso ha scritto:
> On Mon, Feb 11, 2019 at 12:25 PM Riccardo Magliocchetti <
> riccardo.ma...@gmail.com> wrote:
>
>> InvalidTemplateLibrary: Invalid template library specified. ImportError
>> raised
>> when trying to load 'django.contrib.admin.templatetags.base': cannot
>> import name
>> getfullargspec
>>
>> 1.11.18 works fine for the same test.
>>
> Hi Riccardo, please check if you use the correct django version,
> django.contrib.admin.templatetags.base is there from django 2.1

Yeah, what i'm reporting is that the wheel pip downloaded here does not match
the 1.11.19 tag in git.

Carlton Gibson

unread,
Feb 11, 2019, 7:18:00 AM2/11/19
to Django developers (Contributions to Django itself)


On Monday, 11 February 2019 13:15:12 UTC+1, riccardo.magliocchetti wrote:

Yeah, what i'm reporting is that the wheel pip downloaded here does not match
the 1.11.19 tag in git.

OK. Thanks. I'll have a look.  

Bruno Alla

unread,
Feb 11, 2019, 7:46:04 AM2/11/19
to Django developers (Contributions to Django itself)
It looks like 2.1.6 has unexpected new migrations as well https://code.djangoproject.com/ticket/30174

 Did something go wrong during the release publication?

Carlton Gibson

unread,
Feb 11, 2019, 8:08:40 AM2/11/19
to Django developers (Contributions to Django itself)


On Monday, 11 February 2019 13:46:04 UTC+1, Bruno Alla wrote:
 Did something go wrong during the release publication?

Yes. Additional files were packaged. (In all except the 2.2b1 release as far as I can tell.) 

I will release updated versions shortly.

I'll then publish a post-mortem.

C. 
Reply all
Reply to author
Forward
0 new messages