From c89ed8aa0e934046d8c0e2bd11c9da55c28686c0 Mon Sep 17 00:00:00 2001
From: vuln-bot
Date: Tue, 18 Oct 2016 12:18:07 +0200
Subject: [PATCH 1/2] Changelog django-autocomplete-light version 2.3.0
---
 data/insecure_full.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/data/insecure_full.json b/data/insecure_full.json
index 3df33d574..28007949e 100644
--- a/data/insecure_full.json
+++ b/data/insecure_full.json
@@ -1472,6 +1472,12 @@
 "v": "<0.4"
 }
 ],
+ "django-autocomplete-light": [
+ {
+ "changelog": "\n - 555 Django 1.4, 1.5 and 1.6 deprecation\n - 497 Enable registration by model-name by luzfcb\n - 536 551 Support proxy models by onrik\n - 553 improved jQuery integration by blueyed\n - 516 Corrected french transation by apinsard\n - 541 Use error_messages on FieldBase to allow overrides by dsanders11\n - 505 Ordering alias clash fix by sandroden\n - 515 Polish translation update by mpasternak\n - 543 ModelChoiceField requires the queryset argument\n - 494 ModelChoiceField Watch changes to 'queryset' by jonashaag\n - 514 Fixed deprecation warning on Django 1.8 by spookylukey\n - 498 548 improved i18n support\n - 547 prevents loading genericm2m if not in INSTALLED_APPS\n - JAL18 Fix: Get value.length while value is null by hongquan\n - JAL19 Clarify license by stevellis, all MIT\n - JAL17 Disable the widget input when it is not in use dsanders11\n - JAL15 Support openning results in new tab thebao\n - JAL14 Don't autohilight first choice by default pandabuilder\n - JAL13 Add option for box aligning with right edge of input dsanders11\n\nIMPORTANT\n\n536 At this point, proxy model support is untested, this is because I intend\nto refactor the test suite and documentation during the 2.3.x serie.\n\n494 Updating the queryset from outside the autocomplete class may lead to a\nsecurity problem, ie. if you don't replicate filters you apply manually on the\nautocomplete object choices into choices_for_request() then a malicious user\ncould see choices which they shouldn't by querying the autocomplete directly.\n",
+ "v": "<2.3.0"
+ }
+ ],
 "django-embed-video": [
 {
 "changelog": "---------------------------\n\n- Security fix: faked urls are treated as invalid. 
See `this page\n `_\n for more details.\n\n- Fixes:\n\n - allow of empty video field.\n\n - requirements in setup.py\n\n- Added simplier way to embed video in one-line template tag::\n\n {{ 'http://www.youtube.com/watch?v=guXyvo2FfLs'|embed:'large' }}\n\n- ``backend`` variable in ``video`` template tag.\n\n Usage::\n\n {% video item.video as my_video %}\n Backend: {{ my_video.backend }}\n {% endvideo %}\n\n\n",
From ef88d91943605832b93675f36127fe5e47f83178 Mon Sep 17 00:00:00 2001
From: vuln-bot
Date: Tue, 18 Oct 2016 12:18:08 +0200
Subject: [PATCH 2/2] Changelog django-autocomplete-light version 2.3.0
---
 data/insecure.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/data/insecure.json b/data/insecure.json
index 30117f6a2..3697a1a25 100644
--- a/data/insecure.json
+++ b/data/insecure.json
@@ -108,6 +108,9 @@
 "django-anonymizer-compat": [
 "<0.4"
 ],
+ "django-autocomplete-light": [
+ "<2.3.0"
+ ],
 "django-embed-video": [
 "<0.3"
 ],
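Review bot: The `"v": "<2.3.0"` spec added for django-autocomplete-light in data/insecure_full.json does not appear to be supported by the changelog text it cites. Item 494 is listed among the 2.3.0 changes ("ModelChoiceField Watch changes to 'queryset'"), and the IMPORTANT paragraph warns that using it without replicating filters into `choices_for_request()` may expose choices; it does not describe a flaw in earlier releases that 2.3.0 fixes. As written, the entry marks every version below 2.3.0 as insecure and implies that upgrading resolves it, which looks like a keyword match on "security problem" rather than a confirmed advisory. I would hold the entry until a maintainer has checked the affected range against the upstream issue, and record that reference in the entry if it is kept. The same `"<2.3.0"` spec is mirrored in data/insecure.json in PATCH 2/2 and should follow whatever is decided here.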