requirements.txt: bump Django version to fix CVE-2019-19844

Fixes a vulnerability in the password reset process due to
insufficiently stringent validation of unicode email addresses.

https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2019-19844

(The existing version specification would have selected the fixed
version of Django already for new installs, but bumping the minimum
ensures that it will be installed for upgrades with
./dockersetup.py -u as well.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
Paul Eggleton 2019-12-20 10:22:41 +13:00
parent 29dd3afa66
commit 8e3cbb7038

@ -3,7 +3,7 @@ beautifulsoup4==4.8.1
billiard==3.6.1.0
celery==4.3.0
confusable-homoglyphs==3.2.0
Django>=1.11.24,<1.12
Django>=1.11.27,<1.12
django-appconf==1.0.3
django-axes==4.5.4
django-bootstrap-pagination==1.7.1
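
Review bot: The Django entry stays a range (`>=1.11.27,<1.12`) while the neighbouring entries in this hunk are exact pins (`celery==4.3.0`, `django-axes==4.5.4`), so the Django version actually installed still depends on when the install or upgrade is run. If the range is deliberate so that later 1.11.x security releases are picked up, add a comment line above it in requirements.txt stating that the 1.11.27 floor is the CVE-2019-19844 fix and must not be lowered; otherwise pin it like the other entries.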