==========================Django 2.2.3 release notes==========================*July 1, 2019*Django 2.2.3 fixes a security issue and several bugs in 2.2.2. Also, the lateststring translations from Transifex are incorporated.CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS--------------------------------------------------------------------------------When deployed behind a reverse-proxy connecting to Django via HTTPS,:attr:`django.http.HttpRequest.scheme` would incorrectly detect clientrequests made via HTTP as using HTTPS. This entails incorrect results for:meth:`~django.http.HttpRequest.is_secure`, and:meth:`~django.http.HttpRequest.build_absolute_uri`, and that HTTPrequests would not be redirected to HTTPS in accordance with:setting:`SECURE_SSL_REDIRECT`.``HttpRequest.scheme`` now respects :setting:`SECURE_PROXY_SSL_HEADER`, if it isconfigured, and the appropriate header is set on the request, for both HTTP andHTTPS requests.If you deploy Django behind a reverse-proxy that forwards HTTP requests, andthat connects to Django via HTTPS, be sure to verify that your applicationcorrectly handles code paths relying on ``scheme``, ``is_secure()``,``build_absolute_uri()``, and ``SECURE_SSL_REDIRECT``.Bugfixes========* Fixed a regression in Django 2.2 where :class:`~django.db.models.Avg`,:class:`~django.db.models.StdDev`, and :class:`~django.db.models.Variance`crash with ``filter`` argument (:ticket:`30542`).* Fixed a regression in Django 2.2.2 where auto-reloader crashes with``AttributeError``, e.g. when using ``ipdb`` (:ticket:`30588`).