diff --git a/CHANGELOG.md b/CHANGELOG.md index 00f0198..8a78ca6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ CHANGELOG VINCE Coordination platform code +Version 3.0.9 2024-10-28 + +* Update to fix Security issue with enumerate users in vincecomm (Internal-783 CVE-2024-10469) +* Update date format to VinceComm as per GH-Issue (GH Issue #157) + + Version 3.0.8 2024-10-14 * Fixed a potential security issue with pickle DOS reported by @coldwaterq [coldwaterq](https://github.com/coldwaterq) as [CVE-2024-9953](https://www.cve.org/CVERecord?id=CVE-2024-9953) resolved in 3.0.8 diff --git a/bigvince/settings_.py b/bigvince/settings_.py index 36e9042..5ada983 100644 --- a/bigvince/settings_.py +++ b/bigvince/settings_.py @@ -54,7 +54,7 @@ ROOT_DIR = environ.Path(__file__) - 3 # any change that requires database migrations is a minor release -VERSION = "3.0.8" +VERSION = "3.0.9" # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/ diff --git a/vinny/views.py b/vinny/views.py index 1e11e0b..e31adcf 100644 --- a/vinny/views.py +++ b/vinny/views.py @@ -1536,7 +1536,10 @@ def test_func(self): ).first() if admin: return PendingTestMixin.test_func(self) - return PendingTestMixin.test_func(self) + else: + return False + return PendingTestMixin.test_func(self) + return False def dispatch(self, request, *args, **kwargs): if self.kwargs.get("vendor_id"): @@ -2884,6 +2887,8 @@ def get_context_data(self, **kwargs): case = Case.objects.get(id=self.kwargs["pk"]) # content = VendorNotificationContent.objects.filter(case=case).first() context["case"] = case + logger.debug(f"case.due_date is {case.due_date}") + logger.debug(f"context['case'].due_date is {context['case'].due_date}") context["casepage"] = 1 context["today"] = timezone.now # context['content'] = content