========================== Django 1.9.5 release notes ========================== *Under development* Django 1.9.5 fixes several bugs in 1.9.4. Bugfixes ======== * Made ``MultiPartParser`` ignore filenames that normalize to an empty string to fix crash in ``MemoryFileUploadHandler`` on specially crafted user input (:ticket:`26325`). * Fixed a race condition in ``BaseCache.get_or_set()`` (:ticket:`26332`). It now returns the ``default`` value instead of ``False`` if there's an error when trying to add the value to the cache. * Fixed data loss on SQLite where ``DurationField`` values with fractional seconds could be saved as ``None`` (:ticket:`26324`). * The forms in ``contrib.auth`` no longer strip trailing and leading whitespace from the password fields (:ticket:`26334`). The change requires users who set their password to something with such whitespace after a site updated to Django 1.9 to reset their password. It provides backwards-compatibility for earlier versions of Django. * Fixed a memory leak in the cached template loader (:ticket:`26306`). * Fixed a regression that caused ``collectstatic --clear`` to fail if the storage doesn't implement ``path()`` (:ticket:`26297`). * Fixed a crash when using a reverse lookup with a subquery when a ``ForeignKey`` has a ``to_field`` set to something other than the primary key (:ticket:`26373`).