[ANNOUNCE] Django security releases issued (1.4.21, 1.7.9, and 1.8.3)


Tim Graham

Jul 8, 2015, 4:11:26 PM
to django-...@googlegroups.com, django-d...@googlegroups.com, django...@googlegroups.com, oss-se...@lists.openwall.com
Today the Django team issued multiple releases -- Django 1.4.21, 1.7.9, and 1.8.3 -- as part of our security process. These releases address a couple security issues, and we encourage all users to upgrade as soon as possible.

More details can be found on our blog:

https://www.djangoproject.com/weblog/2015/jul/08/security-releases/

As a reminder, we ask that potential security issues be reported via private email to secu...@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see https://www.djangoproject.com/security for further information.

tomv

Jul 10, 2015, 6:00:20 AM
to django-d...@googlegroups.com
Out of interest, what's wrong with casting to int and checking for exceptions?

This is the removed code:

    try:
        int(value)
    except (ValueError, TypeError):
        raise ValidationError(_('Enter a valid integer.'), code='invalid')

Does this match different strings than the new regex: re.compile('^-?\d+\Z')? Or is it more about performance, OverflowError, etc.?

Florian Apolloner

Jul 10, 2015, 6:32:50 AM
to django-d...@googlegroups.com
    In [1]: int('         5          ')
    Out[1]: 5

Cheers,
Florian

Łukasz Rekucki

Jul 10, 2015, 6:35:36 AM
to django-developers
Tom's question got me thinking. Should non-ASCII numerals be allowed?

    import re

    # Compare int() and the new regex on an ASCII and a non-ASCII (Devanagari) digit.
    for x in ("10", "६"):
        print("INT", int(x))
        print("RE", re.match(r"^-?\d+\Z", x) is not None)

On Python 3 this returns True and True unless you add the re.ASCII flag.

--
Łukasz Rekucki
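
The behaviours raised in this thread, side by side, as an added example that is not part of the original messages or of Django's code: it runs the removed int() check, the quoted regex, and the same regex with re.ASCII over constructed inputs. The function names and the sample list are assumptions; results are for Python 3.

```python
import re


def int_cast_ok(value):
    """The removed approach: accept whatever int() can parse."""
    try:
        int(value)
    except (ValueError, TypeError):
        return False
    return True


UNICODE_RE = re.compile(r'^-?\d+\Z')          # regex quoted in the thread
ASCII_RE = re.compile(r'^-?\d+\Z', re.ASCII)  # same pattern, \d limited to 0-9


def regex_ok(value):
    """Quoted regex; on Python 3 str patterns, \\d matches any Unicode digit."""
    return isinstance(value, str) and UNICODE_RE.match(value) is not None


def ascii_regex_ok(value):
    """Quoted regex with re.ASCII, so only the characters 0-9 count as digits."""
    return isinstance(value, str) and ASCII_RE.match(value) is not None


# Constructed sample inputs: padding, trailing newline, explicit sign,
# underscore grouping, Devanagari and Arabic-Indic digits, and non-integers.
SAMPLES = ["10", "-7", "   5   ", "5\n", "+5", "1_000", "६", "٣٤", "", "1.0", None]


def compare(samples=SAMPLES):
    """Map each input to (int() accepts, regex accepts, regex+ASCII accepts)."""
    return {s: (int_cast_ok(s), regex_ok(s), ascii_regex_ok(s)) for s in samples}


if __name__ == "__main__":
    for s, (a, b, c) in compare().items():
        print(f"{s!r:>12}  int()={a!s:5}  regex={b!s:5}  regex+ASCII={c!s:5}")
```

Only "10" and "-7" pass all three checks; the padded, newline-terminated, signed and underscore forms pass int() alone, and the non-ASCII digits pass everything except the re.ASCII variant.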