TIL that the ZIP format allows "repeated" entries with the same filename, and also that #Python's `zipfile` does not allow updating/removing an existing file in an archive (you have to make a new archive)
There is an open issue/PR for the latter, at least:
https://github.com/python/cpython/issues/51067
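An added example, not part of the original post: it builds a constructed archive with a repeated filename using only the standard-library `zipfile` module, then shows that a lookup by name sees one copy while the archive holds two. The helper names and sample contents are assumptions made for illustration; a scanner and an extractor that disagree on which copy counts is the reason to flag such archives.

```python
import io
import warnings
import zipfile
from collections import Counter


def build_sample_zip() -> bytes:
    """Constructed sample archive: 'config.txt' is stored twice."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile emits a "Duplicate name" UserWarning but still writes the entry.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("config.txt", "first")
            zf.writestr("readme.txt", "hello")
            zf.writestr("config.txt", "second")
    return buf.getvalue()


def duplicate_names(data: bytes) -> dict:
    """Return {filename: count} for every name that appears more than once."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def read_by_name(data: bytes, name: str) -> bytes:
    """Name lookup returns a single entry (the last one in the central directory)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def read_every_entry(data: bytes, name: str) -> list:
    """Read each stored copy by iterating ZipInfo records instead of names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zf.read(info) for info in zf.infolist() if info.filename == name]


if __name__ == "__main__":
    sample = build_sample_zip()
    print(duplicate_names(sample))
    print(read_by_name(sample, "config.txt"))
    print(read_every_entry(sample, "config.txt"))
```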
Since when does #Python require you to have virtual environments to work? I can’t pip install globally now?
🐍PyBay 2025 Speaker Highlight🎤 Tyler Suard “RAG Against the Machine: Winning the Retrieval Battle in Enterprise Python”
Learn how to scale Retrieval-Augmented Generation in Python. Tyler Suard shares production lessons, common pitfalls, and practical strategies from his Fortune 500 experience.
📍 Oct. 18, 2025, San Francisco, CA: https://pybay.org/
🎟️ Tickets: https://pretix.eu/bapya/pybay-2025/
🎤 More talks: https://pybay.org/speaking/talk-list-2025/

Next #Python #Rennes session on Wednesday 15 October 2025 at Hellowork (thanks for hosting): "Python - a kind of magic" with Florian Strzelecki, who will talk to us about type annotations, and @lucsorelgiffo, who will talk to us about magic methods and metaclasses.
More info and registration (free but required) at https://www.meetup.com/python-rennes/events/311313392/ #PythonRennes
Cropping an image is a very common action
Cropping a frog
#Python Costa Rica #CostaRica Geometry #SoftwareLibre
#h4ckseed New post: Fail2Ban - Intrusion prevention
Improving your server's security should be one of your top priorities when administering a #Linux server. When reviewing your server's logs, you may find various brute-force login attempts, web floods, exploit scanning, among others, or none. This is where #Fail2Ban, written in #python, comes in, since you can examine these same logs...
https://h4ckseed.wordpress.com/2025/10/01/fail2ban-prevencion-contra-intrusos/
RE: https://mastodon.social/@djangonews/115299458225842327
Just a reminder that @djangonews is a great way to get the latest @django security releases and other details, often hours before they appear elsewhere.
Django security releases issued: 5.2.7, 5.1.13, and 4.2.25
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.7, Django 5.1.13, and Django 4.2.25. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-59681: Potential SQL injection in `QuerySet.annotate()`, `alias()`, `aggregate()`, and `extra()` on MySQL and MariaDB
`QuerySet.annotate()`, `QuerySet.alias()`, `QuerySet.aggregate()`, and `QuerySet.extra()` methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to these methods on MySQL and MariaDB.
Thanks to sw0rd1ight for the report.
This issue has severity "high" according to the Django security policy.
CVE-2025-59682: Potential partial directory-traversal via `archive.extract()`
The `django.utils.archive.extract()` function, used by `startapp --template` and `startproject --template`, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.
Thanks to stackered for the report.
This issue has severity "low" according to the Django security policy.
Affected supported versions
- Django main
- Django 6.0 (currently at alpha status)
- Django 5.2
- Django 5.1
- Django 4.2
Resolution
Patches to resolve the issue have been applied to Django's main, 6.0 (currently at alpha status), 5.2, 5.1, and 4.2 branches. The patches may be obtained from the following changesets.
CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 5.1 branch
- On the 4.2 branch
CVE-2025-59682: Potential partial directory-traversal via archive.extract()
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 5.1 branch
- On the 4.2 branch
The following releases have been issued
- Django 5.2.7 (download Django 5.2.7 | 5.2.7 checksums)
- Django 5.1.13 (download Django 5.1.13 | 5.1.13 checksums)
- Django 4.2.25 (download Django 4.2.25 | 4.2.25 checksums)
The PGP key ID used for this release is Jacob Walls: 131403F4D16D8DC7
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email to `security@djangoproject.com`, and not via Django's Trac instance, nor via the Django Forum. Please see our security policies for further information.
https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
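An added example, not Django's code and not part of the advisory: it illustrates the class of bug CVE-2025-59682 describes, where a string-prefix containment check accepts a sibling directory that shares a prefix with the target, next to a component-wise check that rejects it. The function names, the target directory and the member names are constructed for illustration.

```python
import os


def naive_is_inside(target_dir: str, member_name: str) -> bool:
    """Weak check: string prefix comparison on the resolved path."""
    target = os.path.abspath(target_dir)
    candidate = os.path.abspath(os.path.join(target, member_name))
    # "/srv/app/project_backup/x" also starts with "/srv/app/project".
    return candidate.startswith(target)


def strict_is_inside(target_dir: str, member_name: str) -> bool:
    """Hardened check: compare whole path components, not characters."""
    target = os.path.abspath(target_dir)
    candidate = os.path.abspath(os.path.join(target, member_name))
    try:
        return os.path.commonpath([target, candidate]) == target
    except ValueError:
        # Raised on Windows when the paths are on different drives.
        return False


# Constructed archive member names, as an extractor would read them.
SAMPLE_MEMBERS = [
    "project/settings.py",            # ordinary file inside the target
    "../project_backup/settings.py",  # sibling directory sharing the prefix
    "../../etc/passwd",               # classic traversal, fails both checks
    "/etc/passwd",                    # absolute path, fails both checks
]


def audit(target_dir: str, members: list) -> list:
    """Return (member, naive_verdict, strict_verdict) for each member name."""
    return [
        (m, naive_is_inside(target_dir, m), strict_is_inside(target_dir, m))
        for m in members
    ]


if __name__ == "__main__":
    for member, naive, strict in audit("/srv/app/project", SAMPLE_MEMBERS):
        flag = "  <-- prefix check disagrees" if naive != strict else ""
        print(f"{member:35} naive={naive!s:5} strict={strict!s:5}{flag}")
```

Only the second sample member is treated differently by the two checks, which is the "partial" traversal: the escape is limited to sibling paths that begin with the target directory's name.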
In a couple talks now, I've claimed that using django-simple-deploy should be a good way for experienced developers to try out a new hosting platform.
Before this morning, I had never actually used Render. I started reading the docs in order to help a new plugin author, but I quickly stopped and just tried their plugin.
It worked, and it was *so much easier* to run `git diff` and see what changes the plugin made to my sample project.

On the boat to Tallinn for PyCon Estonia!
#Python #PyCon #PyConEE #PyconEstonia #Tallinn #ferry

Our first meetup of the fall is coming next week, Thursday 9.10. at Konttori.
We're so excited because @maaretp is coming to Turku to talk about testing! @hamatti will talk about prototyping with Python.
More info and registration at https://www.meetabit.com/events/archipylago-13-october-2025-at-konttori
See you there!
#archipylago #TurkuDev #Python
I thought I was going to be in luck, as there's a convenient 'Export Data' which generates a .zip containing all the source account data.
Went to the new instance expecting to import that zip, only to be greeted with 'This only supports CSV files'...
FML
SO, my current thought process is to let the new server pull in posts from the original server organically (with help from https://github.com/nanos/FediFetcher), then with the aid of some custom Python-fu and Postgres magic, convert those remote posts to local posts.
My thought is this allows data to be migrated to the new instance, without the traditional issue of post spam from a flood of new messages on new accounts. Thus far I seem to be making good progress, though for whatever reason I'm only getting 30 days' worth of content from this original server (something I'll need to look into).
BUT, a query for the community; am I wasting my time? Is there a better option for migrating source posts and uploads to a new server? I understand that existing linking on remote servers may be funny as there's no adequate redirect support for posts, but that's less of a concern right now. My goal is simply to ensure user content is available on the new instance.