[1.5.x] Update for 1.5.6 security release.

ubernostrum · ubernostrum · commit 486b6f398bba · 2014-04-21T17:51:51.000-05:00
diff --git a/django/__init__.py b/django/__init__.py
@@ -1,4 +1,4 @@
-VERSION = (1, 5, 6, 'alpha', 0)
+VERSION = (1, 5, 6, 'final', 0)
 
 def get_version(*args, **kwargs):
     # Don't litter django/__init__.py with all the get_version stuff.
diff --git a/docs/conf.py b/docs/conf.py
@@ -52,7 +52,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '1.5.5'
+version = '1.5.6'
 # The full version, including alpha/beta/rc tags.
 release = version
 # The next version to be released
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
@@ -448,3 +448,20 @@ Versions affected
 * Django 1.4 `(patch <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`__ and `Python compatibility fix) <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`__
 
 * Django 1.5 `(patch) <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`__
+
+
+April 21, 2014 - CVE-2014-2014-0472
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`CVE-2014-0472 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0472&cid=2>`_: Unexpected code execution using ``reverse()``. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`_
+
+Versions affected
+-----------------
+
+* Django 1.4 `(patch <https://github.com/django/django/commit/c1a8c420fe4b27fb2caf5e46d23b5712fc0ac535>`_)
+
+* Django 1.5 `(patch <https://github.com/django/django/commit/2a5bcb69f42b84464b24b5c835dca6467b6aa7f1>`_)
+
+* Django 1.6 `(patch <https://github.com/django/django/commit/4352a50871e239ebcdf64eee6f0b88e714015c1b>`_)
+
+* Django 1.7 `(patch <https://github.com/django/django/commit/546740544d7f69254a67b06a3fc7fa0c43512958>`_)
diff --git a/setup.py b/setup.py
@@ -85,7 +85,7 @@ def is_package(package_name):
     author_email='foundation@djangoproject.com',
     description=('A high-level Python Web framework that encourages '
                  'rapid development and clean, pragmatic design.'),
-    download_url='https://www.djangoproject.com/m/releases/1.5/Django-1.5.5.tar.gz',
+    download_url='https://www.djangoproject.com/m/releases/1.5/Django-1.5.6.tar.gz',
     license='BSD',
     packages=packages,
     package_data=package_data,

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-VERSION = (1, 5, 6, 'alpha', 0)`
	`1`	`+VERSION = (1, 5, 6, 'final', 0)`
`2`	`2`
`3`	`3`	`def get_version(args, *kwargs):`
`4`	`4`	`# Don't litter django/__init__.py with all the get_version stuff.`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@`
`52`	`52`	`# built documents.`
`53`	`53`	`#`
`54`	`54`	`# The short X.Y version.`
`55`		`-version = '1.5.5'`
	`55`	`+version = '1.5.6'`
`56`	`56`	`# The full version, including alpha/beta/rc tags.`
`57`	`57`	`release = version`
`58`	`58`	`# The next version to be released`