Bugfixes¶

• Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input (#26325).
• Fixed a race condition in BaseCache.get_or_set() (#26332). It now returns the default value instead of False if there’s an error when trying to add the value to the cache.
• Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None (#26324).
• The forms in contrib.auth no longer strip trailing and leading whitespace from the password fields (#26334). The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django.
• Fixed a memory leak in the cached template loader (#26306).
• Fixed a regression that caused collectstatic --clear to fail if the storage doesn’t implement path() (#26297).
• Fixed a crash when using a reverse lookup with a subquery when a ForeignKey has a to_field set to something other than the primary key (#26373).
• Fixed a regression in CommonMiddleware that caused spurious warnings in logs on requests missing a trailing slash (#26293).
• Restored the functionality of the admin’s raw_id_fields in list_editable (#26387).
• Fixed a regression with abstract model inheritance and explicit parent links (#26413).
• Fixed a migrations crash on SQLite when renaming the primary key of a model containing a ForeignKey to 'self' (#26384).
• Fixed JSONField inadvertently escaping its contents when displaying values after failed form validation (#25532).