v0.16.6

This is a security fix release. We strongly recommend people upgrade.

Security fixes:

• Fixed SQL injection issue in MySQL
• Fixed SQL injection issues in MySQL when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
• Fixed malformed SQL for PostgreSQL and SQLite when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)

Other changes:

• Added support for partial models:

  To create a partial model, one can do a .only(<fieldnames-as-strings>) as part of the QuerySet.
  This will create model instances that only have those values fetched.

  Persisting changes on the model is allowed only when:

  • All the fields you want to update is specified in <model>.save(update_fields=[...])
  • You included the Model primary key in the `.only(...)``

  To protect against common mistakes we ensure that errors get raised:

  • If you access a field that is not specified, you will get an AttributeError.
  • If you do a <model>.save() a IncompleteInstanceError will be raised as the model is, as requested, incomplete.
  • If you do a <model>.save(update_fields=[...]) and you didn't include the primary key in the .only(...),
    then IncompleteInstanceError will be raised indicating that updates can't be done without the primary key being known.
  • If you do a <model>.save(update_fields=[...]) and one of the fields in update_fields was not in the .only(...),
    then IncompleteInstanceError as that field is not available to be updated.

• Fixed bad SQL generation when doing a .values() query over a Foreign Key
• Added <model>.update_from_dict({...}) that will mass update values safely from a dictionary
• Fixed processing URL encoded password in connection string