#python folx, how does one suppress the "pretty printing" of stack traces in python (v11+)?
i vaguely remember there was an env var that one could use to say "just print the legacy stack trace, and not these beautiful, colourful, modern tables"
does anyone remember this?
so far i have seen PYTHONTRACEBACK or PYTHONNODEBUGRANGES as options, but they're not what i am looking for
Does anyone know an alternative library (with active development) for django-storages? Despite being suggested everywhere, its development is quite slow with too many open PRs and the maintainer is not being responsive.
#python #django #django-storages
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.2, Django 5.2.11, and Django 4.2.28. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allowed remote attackers to enumerate users via a timing attack.
Thanks to Stackered for the report.
This issue has severity "low" according to the Django security policy.
CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
When receiving duplicates of a single header, `ASGIRequest` allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage.
Thanks to Jiyong Yang for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Raster lookups on GIS fields (only implemented on PostGIS) were subject to SQL injection if untrusted data was used as a band index.
As a reminder, all untrusted user input should be validated before use.
Thanks to Tarek Nakkouch for the report.
This issue has severity "high" according to the Django security policy.
CVE-2026-1285: Potential denial-of-service vulnerability in `django.utils.text.Truncator` HTML methods
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and `truncatechars_html` and `truncatewords_html` template filters were subject to a potential denial-of-service attack via certain inputs with a large number of unmatched HTML end tags, which could cause quadratic time complexity during HTML parsing.
Thanks to Seokchan Yoon for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2026-1287: Potential SQL injection in column aliases via control characters
`FilteredRelation` was subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.
Thanks to Solomon Kebede for the report.
This issue has severity "high" according to the Django security policy.
CVE-2026-1312: Potential SQL injection via `QuerySet.order_by` and `FilteredRelation`
`QuerySet.order_by()` was subject to SQL injection in column aliases containing periods when the same alias was, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.
Thanks to Solomon Kebede for the report.
This issue has severity "high" according to the Django security policy.
Affected supported versions
- Django main
- Django 6.0
- Django 5.2
- Django 4.2
Resolution
Patches to resolve the issue have been applied to Django's main, 6.0, 5.2, and 4.2 branches. The patches may be obtained from the following changesets.
CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
CVE-2026-1285: Potential denial-of-service vulnerability in `django.utils.text.Truncator` HTML methods
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
CVE-2026-1287: Potential SQL injection in column aliases via control characters
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
CVE-2026-1312: Potential SQL injection via `QuerySet.order_by` and `FilteredRelation`
- On the main branch
- On the 6.0 branch
- On the 5.2 branch
- On the 4.2 branch
The following releases have been issued
- Django 6.0.2 (download Django 6.0.2 | 6.0.2 checksums)
- Django 5.2.11 (download Django 5.2.11 | 5.2.11 checksums)
- Django 4.2.28 (download Django 4.2.28 | 4.2.28 checksums)
The PGP key ID used for this release is Jacob Walls: 131403F4D16D8DC7
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email to `security@djangoproject.com`, and not via Django's Trac instance, nor via the Django Forum. Please see our security policies for further information.
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
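To make the timing difference behind CVE-2025-13473 concrete, here is an added Python example (my code, not Django's mod_wsgi handler or its patch): a toy password check that returns early when the username is unknown, next to one that runs the hasher against a throwaway hash so both paths do the same amount of work. The dummy-hash approach is the same idea Django's `ModelBackend.authenticate()` uses for nonexistent users; the hash format, iteration count, user table and call counter here are constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed demo parameters; these are not Django's hasher settings.
ITERATIONS = 100_000
HASHER_RUNS = 0  # instrumentation only: counts calls to verify_hash


def make_hash(password: str, salt: bytes = b"") -> str:
    """Return 'pbkdf2$<salt hex>$<digest hex>' for a password (toy encoding)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_hash(password: str, encoded: str) -> bool:
    """Recompute the digest and compare it in constant time."""
    global HASHER_RUNS
    HASHER_RUNS += 1
    _, salt_hex, digest_hex = encoded.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed user table: one real account.
USERS = {"alice": make_hash("correct horse battery staple")}

# Hash of a throwaway random password, computed once, so the unknown-user path
# can perform one full hasher run against something.
_DUMMY_HASH = make_hash(secrets.token_urlsafe(16))


def check_password_leaky(username: str, password: str) -> bool:
    """Unknown users return immediately: no PBKDF2 work, so the reply is measurably faster."""
    encoded = USERS.get(username)
    if encoded is None:
        return False
    return verify_hash(password, encoded)


def check_password_equalized(username: str, password: str) -> bool:
    """Unknown users cost one hasher run too; the result is discarded."""
    encoded = USERS.get(username)
    if encoded is None:
        verify_hash(password, _DUMMY_HASH)
        return False
    return verify_hash(password, encoded)


def run_counted(check, username: str, password: str):
    """Run one check and return (result, number of hasher runs it performed)."""
    global HASHER_RUNS
    HASHER_RUNS = 0
    result = check(username, password)
    return result, HASHER_RUNS


def median_seconds(check, username: str, password: str, samples: int = 15) -> float:
    """Rough wall-clock cost of one check; for eyeballing the gap, not for asserting on."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        check(username, password)
        times.append(time.perf_counter() - start)
    return sorted(times)[samples // 2]


if __name__ == "__main__":
    for check in (check_password_leaky, check_password_equalized):
        known = median_seconds(check, "alice", "wrong password")
        unknown = median_seconds(check, "mallory", "wrong password")
        print(f"{check.__name__}: known user {known * 1e3:.2f} ms, unknown user {unknown * 1e3:.2f} ms")
```

The counter is what makes the defect visible without a stopwatch: the leaky variant does zero hasher runs for an unknown user and one for a known one, while the equalized variant does exactly one run in every case, including a correct login. The wall-clock figures printed by the main block show the same gap in milliseconds.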
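CVE-2026-1287 and CVE-2026-1312 share one lesson: an alias that reaches SQL unquoted must be validated by the callee, because Python checks the syntax of keywords written literally (`annotate(total=1)`) but accepts any string key supplied through `**mapping`. The following is an added Python example, not Django's alias handling or its patch: an allow-list validator for aliases, a helper that names the offending characters by Unicode category (control characters are category `Cc`), and a stand-in `annotate()` that applies it to its keyword names. The allow-list policy is my choice for the demo and is stricter than what an ORM may need.

```python
import re
import unicodedata

# Allow-list (assumed policy for this demo): an alias must look like a plain SQL
# identifier. Periods, quotes, whitespace, comment sequences and control
# characters all fail this test, as does a leading digit.
_SAFE_ALIAS = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class InvalidAlias(ValueError):
    """Raised when a caller-supplied alias would reach SQL unquoted."""


def unsafe_characters(alias: str):
    """Characters that disqualify an alias, paired with their Unicode category.

    'Cc' is the control-character category (NUL, newline, ESC, ...). A control
    character inside an identifier is a strong signal of crafted input, since no
    keyboard path produces one by accident; it is also worth logging as such.
    """
    return [(ch, unicodedata.category(ch)) for ch in alias if not re.fullmatch(r"[A-Za-z0-9_]", ch)]


def validate_alias(alias) -> str:
    """Return the alias unchanged if it is safe, else raise InvalidAlias with the reason."""
    if not isinstance(alias, str) or _SAFE_ALIAS.fullmatch(alias) is None:
        raise InvalidAlias(f"unsafe column alias {alias!r}: {unsafe_characters(str(alias))}")
    return alias


def annotate(**kwargs):
    """Stand-in for an ORM method that turns keyword names into column aliases.

    Every key is validated here because `annotate(**{"a.b": expr})` is legal
    Python even though `annotate(a.b=expr)` is not.
    """
    return {validate_alias(alias): expr for alias, expr in kwargs.items()}


def rejects(alias) -> bool:
    """True when annotate(**{alias: ...}) is refused; used to exercise the validator."""
    try:
        annotate(**{alias: 1})
    except InvalidAlias:
        return True
    return False


if __name__ == "__main__":
    for candidate in ("total_count", "a.b", "x\x00y", "x; --", 'x"', "1st"):
        print(f"{candidate!r:>12}: {'rejected' if rejects(candidate) else 'accepted'} {unsafe_characters(candidate)}")
```

The `unsafe_characters()` output is the part a reviewer or a detection rule cares about: a period (`Po`) in an alias points at the dotted-alias case from CVE-2026-1312, and any `Cc` entry at the control-character case from CVE-2026-1287.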
Django 6.0.2 is out and it’s an important security release 🚨
It fixes:
• HIGH severity SQL injection issues (FilteredRelation, order_by, PostGIS raster lookups)
• MODERATE severity DoS issues (ASGI repeated headers, Truncator HTML parsing)
• a LOW severity timing attack in mod_wsgi auth
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
Similar security fixes were also released for Django 5.2.11 and 4.2.28.
If you run Django in production, read the release notes and plan an update 🔒
#Django #Security #Python #Release
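The "ASGI repeated headers" item in the release above (CVE-2025-14550) is a complexity bug rather than a parsing one. As an added Python example (my code, not Django's `ASGIRequest`), here is the shape of the problem and the fix side by side: ASGI delivers headers as a list of `(name, value)` byte pairs with duplicates as separate entries, and merging them with `+=` on an immutable string copies the accumulated value on every step, whereas collecting values per name and joining once is linear. The sample scope and the repeated-header generator are constructed for the demo.

```python
import time

# ASGI hands the application raw headers as a list of (name, value) byte pairs;
# duplicate headers arrive as separate pairs. Constructed sample scope:
SAMPLE_SCOPE = {
    "type": "http",
    "headers": [
        (b"host", b"example.test"),
        (b"x-forwarded-for", b"10.0.0.1"),
        (b"x-forwarded-for", b"10.0.0.2"),
        (b"x-forwarded-for", b"10.0.0.3"),
    ],
}


def combine_headers_quadratic(raw_headers):
    """Merge duplicates with repeated concatenation on an immutable str.

    Each `combined[key] += ...` allocates a new string holding everything seen
    so far (the dict still references the old one, so CPython cannot append in
    place), so n duplicates of one header copy O(n^2) bytes in total.
    """
    combined = {}
    for name, value in raw_headers:
        key = name.decode("latin1").lower()
        text = value.decode("latin1")
        if key in combined:
            combined[key] += "," + text
        else:
            combined[key] = text
    return combined


def combine_headers_linear(raw_headers):
    """Collect values per name first, then join each list exactly once."""
    buckets = {}
    for name, value in raw_headers:
        buckets.setdefault(name.decode("latin1").lower(), []).append(value.decode("latin1"))
    return {key: ",".join(values) for key, values in buckets.items()}


def repeated_header_scope(count, value=b"a" * 64):
    """Constructed header list with `count` copies of one header: the shape that hurts."""
    return [(b"x-repeated", value)] * count


def time_it(fn, raw_headers) -> float:
    start = time.perf_counter()
    fn(raw_headers)
    return time.perf_counter() - start


if __name__ == "__main__":
    for n in (1_000, 5_000, 20_000):
        hdrs = repeated_header_scope(n)
        print(f"{n:>6} copies: quadratic {time_it(combine_headers_quadratic, hdrs):.3f}s  "
              f"linear {time_it(combine_headers_linear, hdrs):.3f}s")
```

Both functions produce identical output for ordinary requests; the difference only shows once one name is repeated thousands of times, which is why a correctness test alone would never have caught it and why a cap on header count or total header size at the server in front of the application is a sensible second line.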
"ZX Spectrum flies simulated spacecraft using BASIC, Python, and serial — Kerbal Space Program Lunar lander powered by 1980s hardware"
"Controlling a lunar lander using a 1980s home computer is not for the faint of heart, and this project shows how one intrepid developer linked the world of BASIC to the simulated world of Kerbal Space Program using Python and Serial."
[#NSI 1re] The first works of the Art-léatoire 2026 project are arriving.
#Python #random #PIL
The blind spot of audio forensics: implementing a covert data channel in MP3 metadata in Python
Think it is impossible to hide a file inside a song without spoiling the sound? So did we, until we took the ID3v2 specification apart bolt by bolt. It turns out every MP3 file has a "blind zone" where you can put encryption keys, documents or source code, and at the same time: the MD5 of the audio stream will not change. The spectrogram will be perfectly clean. The file will play in any player. We wrote ChameleonLab: MP3 Stego in Python to prove it. Inside: a full breakdown of the architecture, the code, and usage scenarios for copyright protection.
https://habr.com/ru/companies/chameleonlab/articles/992276/
#Python #Steganography #MP3 #PyQt6 #Information_Security #Digital_Forensics #chameleonlab
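The post above describes data placed in ID3v2 frames, where a hash of the audio stream stays unchanged. As an added Python example (my code, not ChameleonLab's), here is the forensic counterpart: a minimal ID3v2 frame walker that reports each frame's id and size, hashes only the bytes after the tag (which is exactly why an "audio stream MD5" does not see this channel), and flags oversized binary-carrier frames. The fixture (a fake MPEG stream behind a constructed 3 KB `PRIV` frame) is built inline by a small v2.3 tag writer; the size threshold and the set of carrier frames are my choices, and extended headers and unsynchronisation are not handled.

```python
import hashlib
import struct


def _syncsafe_encode(n: int) -> bytes:
    """ID3v2 tag sizes use 7 bits per byte so no byte can look like an MPEG sync."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def _syncsafe_decode(b: bytes) -> int:
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def build_id3v23(frames) -> bytes:
    """Constructed ID3v2.3 tag (no extended header, no unsync) from (frame id, payload) pairs."""
    body = b"".join(fid.encode("latin1") + struct.pack(">IH", len(payload), 0) + payload
                    for fid, payload in frames)
    return b"ID3" + bytes([3, 0, 0]) + _syncsafe_encode(len(body)) + body


def parse_id3v2(data: bytes):
    """Return ([(frame id, payload size, frame flags)], offset where the audio stream starts).

    Frame sizes are plain big-endian in v2.3 and syncsafe in v2.4. If the tag
    flags announce unsynchronisation or an extended header (simplification for
    this example) the tag boundary is still reported but frames are not walked.
    """
    if data[:3] != b"ID3":
        return [], 0
    major, tag_flags = data[3], data[5]
    end = 10 + _syncsafe_decode(data[6:10])
    frames = []
    if tag_flags & 0xC0:
        return frames, end
    pos = 10
    while pos + 10 <= end:
        fid = data[pos:pos + 4]
        if fid == b"\x00\x00\x00\x00":
            break  # zero padding runs to the end of the tag
        raw_size = data[pos + 4:pos + 8]
        size = _syncsafe_decode(raw_size) if major == 4 else struct.unpack(">I", raw_size)[0]
        fflags = struct.unpack(">H", data[pos + 8:pos + 10])[0]
        frames.append((fid.decode("latin1"), size, fflags))
        pos += 10 + size
    return frames, end


def audio_stream_md5(data: bytes) -> str:
    """Hash of everything after the ID3v2 tag: the part that tag edits leave untouched."""
    _, offset = parse_id3v2(data)
    return hashlib.md5(data[offset:]).hexdigest()


# Frames whose payload is arbitrary binary by definition. APIC (cover art) is
# also binary but is routinely large, so a size threshold alone would not
# separate it from anything; it is left out here on purpose.
CARRIER_FRAMES = {"PRIV", "GEOB"}


def flag_frames(frames, max_carrier_bytes: int = 1024):
    """Frame ids worth a second look: big binary carriers, or ids outside the spec's shape."""
    flagged = []
    for fid, size, _ in frames:
        if fid in CARRIER_FRAMES and size > max_carrier_bytes:
            flagged.append(fid)
        elif not (fid[0].isalpha() and fid[1:].isalnum() and fid.isupper()):
            flagged.append(fid)
    return flagged


# Constructed fixture: a title frame plus a 3 KB PRIV frame standing in for hidden data,
# followed by a fake MPEG frame sync and filler bytes in place of real audio.
SAMPLE_AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8
SAMPLE_TAG = build_id3v23([("TIT2", b"\x00Song Title"), ("PRIV", b"owner@example\x00" + b"\x00" * 3000)])
SAMPLE_FILE = SAMPLE_TAG + SAMPLE_AUDIO


if __name__ == "__main__":
    frames, offset = parse_id3v2(SAMPLE_FILE)
    for fid, size, fflags in frames:
        print(f"{fid} size={size} flags={fflags:#06x}")
    print("tag bytes:", offset, "of", len(SAMPLE_FILE))
    print("audio stream md5 (with tag):   ", audio_stream_md5(SAMPLE_FILE))
    print("audio stream md5 (without tag):", audio_stream_md5(SAMPLE_AUDIO))
    print("flagged frames:", flag_frames(frames))
```

The two MD5 lines are the point: they match, so a pipeline that hashes the stream after the tag (or checks spectrograms) confirms nothing about what the tag holds. Hashing the whole file, or keeping the frame inventory alongside the hash, closes that blind spot.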
Vibe Coding a Flickr Export Tool with Google Gemini
Recently I decided that I would backup my Flickr library locally despite having over a year left on my pro account. In so doing, when the decision comes whether to dump, or keep using flickr, I will know that my data is safely backed up locally. Of course I decided to play with the archive but came upon a snag.
E6 Microdegrees
That snag is that Flickr uses the E6 Format, also known as Microdegrees. With Google Takeout, when I exported photos I used the exiftool to add metadata to photos and it worked fine. Because it worked fine I then moved photos to Photoprism and Immich without issues. With Flickr photos using the E6 Microdegrees format, photos displayed as being taken in the middle of the Atlantic near the coast of Africa rather than the canton de Vaud.
With a few iterations Gemini finally figured out the issue and divided exif data by a million. To correct this error Gemini and I exported the proper geodata to a CSV file, before then adding it to the exifdata of photographs.
Re-Use Flickr Metadata Added Over the Years
This morning I decided that I wanted to add the tags, titles, and other metadata back into the exif data so we created a new iteration of the CSV file.
Re-naming files With Their Creation Date
After several iterations I decided to rename files using their title when they had a human readable title, rather than the number given by Flickr's tools. I then decided that since we're renaming the files anyway we might as well add original creation date of the files to the filename. They now use the yyyy-mm-dd-filename.jpg convention.
A Folder Hierarchy
Since we've added the metadata to the photos, and renamed the files to display their creation date without opening individual files, it made sense to go an extra step by creating a folder architecture by year/month/day. In so doing it becomes easy for an individual to look for, and find photos, without the use of a CMS.
TLDR of Steps According to Gemini
Pair Flickr JSON metadata with original images.
Extract and convert GPS from E6 to decimal.
Sanitize titles into safe slugs using the re module.
Build a hierarchical Year/Month/Day folder structure.
Implement a 'Smart Migration' script with space checks and progress bars.
Execute a bulk copy to rename and organize 78,000+ files.
Verify integrity by matching file counts.
The Rationale Behind Backing Up
Flickr is a great community for photographers to share beautiful photos but its free tier has shifted. It went from 200 public photos, up to 1TB, and then back down to 1000 photos max. The price per year went up so it became more interesting to pay for two years, rather than one at a time.
For a while I downgraded to the free tier, expecting that my photos would be deleted from flickr. They weren't. I stopped paying because I expected Flickr to be mothballed and eventually vanish. It currently looks alive and well. I believe that's why I decided to pay for another two years at the time.
An Export Workflow and a Reason to Stick With Flickr
My experiment over the last two days has strengthened the use case for Flickr Pro as a cloud backup solution. If, like me, you have a workflow in place to download and process Flickr Export zip files, then within a day or two you can re-create your library locally.
A simple "for each loop" can download your zips in the background once the backup is ready.
And Finally
Years ago I exported photos from Google Photos via Takeout and from Flickr via Flickr Export but I didn't know how to re-combine the data from the json files into photo exif data. Over the last week, through experimentation, I have been able to export photos from Google Photos and Flickr, and recover them, for ingesting into Photoprism and Immich.
Without Gemini I would need to spend hours reading the documents and through trial, and error get it to do what I want. With Google Gemini it does the RTFM part (read the fabulous manual), and I ask it for help.
Now I'm on the cheapest iCloud tier, I can downgrade to a cheaper Google One tier, I can dump Swisscom MyCloud and I can re-think how I use Flickr.
I have been using Gemini as a tutor.
#AI #exiftool #flickr #Python #vibeCoding
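The TLDR steps in the post above, carried through as one added Python example (my code, not the script the author built with Gemini): pairing a photo id out of the original file name, converting E6 microdegrees to decimal degrees by dividing by a million, sanitising titles into slugs that cannot carry path separators or `..`, planning the year/month/day destination with a date-prefixed file name, and a free-space check before a bulk copy. Assumed, not taken from the post: the `<title>_<id>_o.<ext>` naming of originals and the `name`, `date_taken` and `geo` fields of the per-photo JSON; check both against your own archive before running anything over 78,000 files.

```python
import json
import re
import shutil
import unicodedata
from datetime import datetime
from pathlib import Path


def e6_to_decimal(value) -> float:
    """Flickr exports coordinates as E6 integers (microdegrees): '46501234' -> 46.501234."""
    return int(value) / 1_000_000


def slugify(title: str, max_len: int = 60) -> str:
    """Reduce a title to [a-z0-9-]; accents are folded, everything else becomes '-'.

    Because only that character set survives, a title can never smuggle '..', '/'
    or a NUL byte into the path built from it.
    """
    ascii_title = unicodedata.normalize("NFKD", title).encode("ascii", "ignore").decode()
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_title.lower()).strip("-")
    return slug[:max_len].rstrip("-")


# Assumed archive layout: originals are named '<title>_<photo id>_o.<ext>' and the
# metadata lives in 'photo_<photo id>.json'. Adjust the pattern if yours differs.
_ID_IN_NAME = re.compile(r"_(\d+)_o\.\w+$")


def photo_id_from_filename(name: str):
    """Photo id used to pair an original with its JSON record, or None if the name does not match."""
    match = _ID_IN_NAME.search(name)
    return match.group(1) if match else None


def gps_from_meta(meta: dict):
    """(lat, lon) in decimal degrees, or None when the photo carries no geo block."""
    geo = meta.get("geo") or []
    if not geo:
        return None
    return e6_to_decimal(geo[0]["latitude"]), e6_to_decimal(geo[0]["longitude"])


def plan_destination(meta: dict, original_name: str, root) -> Path:
    """root/YYYY/MM/DD/YYYY-MM-DD-<slug or original stem>.<ext>, refusing to leave root."""
    root = Path(root)
    taken = datetime.strptime(meta["date_taken"], "%Y-%m-%d %H:%M:%S")
    base = slugify(meta.get("name", "")) or Path(original_name).stem
    ext = Path(original_name).suffix.lower()
    dest = root / f"{taken:%Y}" / f"{taken:%m}" / f"{taken:%d}" / f"{taken:%Y-%m-%d}-{base}{ext}"
    dest.resolve().relative_to(root.resolve())  # raises ValueError if anything escaped root
    return dest


def enough_space(files, root, margin: float = 1.1) -> bool:
    """Space check before the bulk copy: free bytes at an existing root must exceed payload plus margin."""
    needed = sum(Path(f).stat().st_size for f in files) * margin
    return shutil.disk_usage(Path(root)).free > needed


# Constructed sample record in the shape this example assumes for Flickr's photo_<id>.json.
SAMPLE_META = json.loads("""{
  "id": "28123456789",
  "name": "Lac Léman: Sunset!",
  "date_taken": "2018-05-12 20:31:07",
  "geo": [{"latitude": "46501234", "longitude": "6625678", "accuracy": "16"}],
  "tags": [{"tag": "vaud"}, {"tag": "sunset"}]
}""")


if __name__ == "__main__":
    name = "lac-leman_28123456789_o.jpg"
    print("paired:", photo_id_from_filename(name) == SAMPLE_META["id"])
    print("GPS:", gps_from_meta(SAMPLE_META))
    print("destination:", plan_destination(SAMPLE_META, name, "archive").as_posix())
```

The `relative_to()` line in `plan_destination()` is the belt to the slug's braces: even if the slug rules are loosened later, a destination that resolves outside the archive root raises before any file is copied.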
Hello, mastodon.
I wrote another post to my blog: https://jovell.dev/blog/2026/2/more-templates/
#Automation #Templates #Django #Python
Infostealers without borders: macOS, Python stealers, and platform abuse
Infostealer threats are expanding beyond Windows, targeting macOS and leveraging cross-platform languages like Python. Recent campaigns use social engineering to deploy macOS-specific infostealers such as DigitStealer, MacSync, and AMOS. These stealers use fileless execution and native macOS utilities to harvest credentials and sensitive data. Python-based stealers are also on the rise, allowing attackers to quickly adapt and target diverse environments. Additionally, threat actors are abusing trusted platforms like WhatsApp and PDF converter tools to distribute malware such as Eternidade Stealer. These evolving threats blend into legitimate ecosystems and evade conventional defenses, posing significant risks to organizations across various operating systems and delivery channels.
Pulse ID: 698128e5c91f86b355408497
Pulse Link: https://otx.alienvault.com/pulse/698128e5c91f86b355408497
Pulse Author: AlienVault
Created: 2026-02-02 22:44:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #PDF #Python #RAT #Rust #SocialEngineering #WhatsApp #Windows #bot #AlienVault
dev log #1 (a long one)
I did a write up on my recent pytest optimisation sprint:
https://www.leadr.gg/blog/what-2000-ai-generated-tests-taught-me-about-pytest
#devlog #softwaredevelopment #solodev #indiedev #python
My posts on Qiita led to publishing a book
https://qiita.com/c60evaporator/items/9c7bd5791f33b2c034cb?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
#qiita #Python #データ分析 #AI #podcast