UUID stored with hyphens causes DB error in 1.4.1
LaurinSchofeld opened this issue · 6 comments
Hi, I updated to 1.4.1 to have the vulnerability fixed, but encountered the following error when trying to login and also when trying to update a UUID field on an existing user:
ProgrammingError: ('42000', '[42000] [Microsoft][ODBC Driver 18 for SQL Server][SQL Server]Insufficient result space to convert uniqueidentifier value to char. (8170) (SQLExecDirectW)')
File "django/db/backends/utils.py", line 89, in _execute
return self.cursor.execute(sql, params)
File "mssql/base.py", line 678, in execute
return self.cursor.execute(sql, params)
ProgrammingError: ('42000', '[42000] [Microsoft][ODBC Driver 18 for SQL Server][SQL Server]Insufficient result space to convert uniqueidentifier value to char. (8170) (SQLExecDirectW)')
(24 additional frame(s) were not displayed)
...
File "django/db/backends/utils.py", line 80, in _execute_with_wrappers
return executor(sql, params, many, context)
File "django/db/backends/utils.py", line 84, in _execute
with self.db.wrap_database_errors:
File "django/db/utils.py", line 91, in __exit__
raise dj_exc_value.with_traceback(traceback) from exc_value
File "django/db/backends/utils.py", line 89, in _execute
return self.cursor.execute(sql, params)
File "mssql/base.py", line 678, in execute
return self.cursor.execute(sql, params)
my packages:
Django = "==4.2.10"
dj-database-url = "==1.2.0"
django-crispy-forms = "==1.11.2"
mssql-django = "==1.4.1"
graphyte = "==1.7.1"
graypy = "==2.1.0"
pyjwt = "==2.4.0"
djangorestframework = "==3.14.0"
suds-py3 = "==1.4.5.0"
cryptography = "==42.0.5"
pymemcache = "==3.4.1"
channels = "==4.0.0"
channels-redis = "==4.1.0"
django-dirtyfields = "==1.8.1"
django-constance = {extras = ["database"], version = "==3.0.0"}
django-redis = "==5.2.0"
sentry-sdk = "==1.14.0"
ipython = "==8.12.2"
daphne = "==4.0.0"
tzdata = "==2023.3"
typing-extensions = "==4.7.1"
django-cors-headers = "==4.3.1"
Downgrading to 1.4 or 1.3 resolves this issue.
Looking at the before and after, it seems that the UUIDField now tries to store the UUID with hyphens, when before it was stored without them.
Is this a wanted change? I could not find it directly mentioned in the Changelog.
Might be caused by Fix aggregate queries with case expressions #354
Also seeing this. Trying to access a record using the UUID results in this error message
Conversion failed when converting from a character string to uniqueidentifier.
Using 1.4 fixes this issue for me.
Same - not just for UUID fields but also where the call .objects.get(pk=....)
is made
Hi everyone, apologies for the inconveniences. We've updated our release notes to reflect the change.
In our latest release (1.4.1), we've updated the data type for UUIDField
Previously we used a workaround:
UUIDField = Char(32)
Now we natively support the type:
UUIDField = uniqueidentifier
This means that UUIDs will have hyphens and needs 36 characters. In your schema make sure the column type is uniqueidentifier.
After further review, we will be rolling these changes back. Expect a new release (1.4.2) within a few hours.
We've released Django 1.4.2 to revert the changes. We are still planning to add native UUID support but as a user-enabled option in the future.
Sounds like a good solution, thanks for your quick response 👍 The latest release fixes my issue so I hope it's okay to close this as resolved.