1. ==========================

  2. Django 1.9.2 release notes

  3. ==========================

  4. 

  5. *February 1, 2016*

  6. 

  7. Django 1.9.2 fixes a security regression in 1.9 and several bugs in 1.9.1. It

  8. also makes a small backwards incompatible change that hopefully doesn't affect

  9. any users.

  10. 

  11. Security issue: User with "change" but not "add" permission can create objects for ``ModelAdmin``’s with ``save_as=True``

  12. =========================================================================================================================

  13. 

  14. If a ``ModelAdmin`` uses ``save_as=True`` (not the default), the admin

  15. provides an option when editing objects to "Save as new". A regression in

  16. Django 1.9 prevented that form submission from raising a "Permission Denied"

  17. error for users without the "add" permission.

  18. 

  19. Backwards incompatible change: ``.py-tpl`` files rewritten in project/app templates

  20. ===================================================================================

  21. 

  22. The addition of some Django template language syntax to the default app

  23. template in Django 1.9 means those files now have some invalid Python syntax.

  24. This causes difficulties for packaging systems that unconditionally

  25. byte-compile ``*.py`` files.

  26. 

  27. To remedy this, a ``.py-tpl`` suffix is now used for the project and app

  28. template files included in Django. The ``.py-tpl`` suffix is replaced with

  29. ``.py`` by the ``startproject`` and ``startapp`` commands. For example, a

  30. template with the filename ``manage.py-tpl`` will be created as ``manage.py``.

  31. 

  32. Please file a ticket if you have a custom project template containing

  33. ``.py-tpl`` files and find this behavior problematic.

  34. 

  35. Bugfixes

  36. ========

  37. 

  38. * Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match``

  39.   checks to always return HTTP 200 (:ticket:`26024`).

  40. 

  41. * Fixed a regression that caused the "user-tools" items to display on the

  42.   admin's logout page (:ticket:`26035`).

  43. 

  44. * Fixed a crash in the translations system when the current language has no

  45.   translations (:ticket:`26046`).

  46. 

  47. * Fixed a regression that caused the incorrect day to be selected when opening

  48.   the admin calendar widget for timezones from GMT+0100 to GMT+1200

  49.   (:ticket:`24980`).

  50. 

  51. * Fixed a regression in the admin's edit related model popup that caused an

  52.   escaped value to be displayed in the select dropdown of the parent window

  53.   (:ticket:`25997`).

  54. 

  55. * Fixed a regression in 1.8.8 causing incorrect index handling in migrations on

  56.   PostgreSQL when adding ``db_index=True`` or ``unique=True`` to a

  57.   ``CharField`` or ``TextField`` that already had the other specified, or when

  58.   removing one of them from a field that had both, or when adding

  59.   ``unique=True`` to a field already listed in ``unique_together``

  60.   (:ticket:`26034`).

  61. 

  62. * Fixed a regression where defining a relation on an abstract model's field

  63.   using a string model name without an app_label no longer resolved that

  64.   reference to the abstract model's app if using that model in another

  65.   application (:ticket:`25858`).

  66. 

  67. * Fixed a crash when destroying an existing test database on MySQL or

  68.   PostgreSQL (:ticket:`26096`).

  69. 

  70. * Fixed CSRF cookie check on POST requests when ``USE_X_FORWARDED_PORT=True``

  71.   (:ticket:`26094`).

  72. 

  73. * Fixed a ``QuerySet.order_by()`` crash when ordering by a relational field of

  74.   a ``ManyToManyField`` ``through`` model (:ticket:`26092`).

  75. 

  76. * Fixed a regression that caused an exception when making database queries on

  77.   SQLite with more than 2000 parameters when :setting:`DEBUG` is ``True`` on

  78.   distributions that increase the ``SQLITE_MAX_VARIABLE_NUMBER`` compile-time

  79.   limit to over 2000, such as Debian (:ticket:`26063`).

  80. 

  81. * Fixed a crash when using a reverse ``OneToOneField`` in

  82.   ``ModelAdmin.readonly_fields`` (:ticket:`26060`).

  83. 

  84. * Fixed a crash when calling the ``migrate`` command in a test case with the

  85.   ``available_apps`` attribute pointing to an application with migrations

  86.   disabled using the ``MIGRATION_MODULES`` setting (:ticket:`26135`).

  87. 

  88. * Restored the ability for testing and debugging tools to determine the

  89.   template from which a node came from, even during template inheritance or

  90.   inclusion. Prior to Django 1.9, debugging tools could access the template

  91.   origin from the node via ``Node.token.source[0]``. This was an undocumented,

  92.   private API. The origin is now available directly on each node using the

  93.   ``Node.origin`` attribute (:ticket:`25848`).

  94. 

  95. * Fixed a regression in Django 1.8.5 that broke copying a ``SimpleLazyObject``

  96.   with ``copy.copy()`` (:ticket:`26122`).

  97. 

  98. * Always included ``geometry_field`` in the GeoJSON serializer output regardless

  99.   of the ``fields`` parameter (:ticket:`26138`).

  100. 

  101. * Fixed the ``contrib.gis`` map widgets when using

  102.   ``USE_THOUSAND_SEPARATOR=True`` (:ticket:`20415`).

  103. 

  104. * Made invalid forms display the initial of values of their disabled fields

  105.   (:ticket:`26129`).
About Sign Up Leave Feedback Contact