Django 2.2.8 版本发行说明

    Django 2.2.8 fixes a security issue, several bugs in 2.2.7, and adds compatibility with Python 3.8.

    Submitting these forms would not allow direct edits to the parent model, but would trigger the parent model’s method, and cause pre and post-save signal handlers to be invoked. This is a privilege escalation as a user who lacks permission to edit a model should not be able to trigger its save-related signals.

    This is a backwards-incompatible change, and the Django security team is aware that some users of Django were depending on the ability to allow editing of inlines in the admin form of an otherwise view-only parent model.

    For the time being, developers whose applications are affected by this change should replace the use of inlines in read-only parents with custom forms and views that explicitly implement the desired functionality. In the longer term, adding a documented, supported, and properly-tested mechanism for partially-editable multi-model forms to the admin interface may occur in Django itself.

    漏洞修复

    • Fixed a data loss possibility in the admin changelist view when a custom contains regular expression special characters, e.g. (#31031).
    • Fixed a data loss possibility in the . When using in the argument with multi-table inheritance, a parent model was locked instead of the queryset’s model ().