==========================
Django 1.9.5 release notes
==========================

*April 1, 2016*

Django 1.9.5 fixes several bugs in 1.9.4.

Bugfixes
========

* Made ``MultiPartParser`` ignore filenames that normalize to an empty string
  to fix crash in ``MemoryFileUploadHandler`` on specially crafted user input
  (:ticket:`26325`).

* Fixed a race condition in ``BaseCache.get_or_set()`` (:ticket:`26332`). It
  now returns the ``default`` value instead of ``False`` if there's an error
  when trying to add the value to the cache.

* Fixed data loss on SQLite where ``DurationField`` values with fractional
  seconds could be saved as ``None`` (:ticket:`26324`).

* The forms in ``contrib.auth`` no longer strip trailing and leading whitespace
  from the password fields (:ticket:`26334`). The change requires users who set
  their password to something with such whitespace after a site updated to
  Django 1.9 to reset their password. It provides backwards-compatibility for
  earlier versions of Django.

* Fixed a memory leak in the cached template loader (:ticket:`26306`).

* Fixed a regression that caused ``collectstatic --clear`` to fail if the
  storage doesn't implement ``path()`` (:ticket:`26297`).

* Fixed a crash when using a reverse lookup with a subquery when a
  ``ForeignKey`` has a ``to_field`` set to something other than the primary key
  (:ticket:`26373`).

* Fixed a regression in ``CommonMiddleware`` that caused spurious warnings in
  logs on requests missing a trailing slash (:ticket:`26293`).

* Restored the functionality of the admin's ``raw_id_fields`` in
  ``list_editable`` (:ticket:`26387`).

* Fixed a regression with abstract model inheritance and explicit parent links
  (:ticket:`26413`).

* Fixed a migrations crash on SQLite when renaming the primary key of a model
  containing a ``ForeignKey`` to ``'self'`` (:ticket:`26384`).

* Fixed ``JSONField`` inadvertently escaping its contents when displaying values
  after failed form validation (:ticket:`25532`).