* Fixed bug Cannot read property 'current' of undefined at AAMModel.setupAttributeValue

* Updated changelog

* annotations.put()

* Fixed annotations.put()

* Dump & upload

* Two fixes

* Tested upload

* Updated built of cvat.js

* Remote files through cvat.js

* Case sensitive renaming

* Update `cvat-js` lib.

* Add `.env` file

* Add basic redux capabilities

* Remove `setTimeout` as it was fixes in `cvat-js`

* Remove redundant state field

* Add header and footer styles

* Remove `Affix`

It does not recalculete width for some reason

* Add basic styles to task cards

* Fix empty component

* Pagination fixes

* Add modal on task delete

* handle invalid json labelmap file case correctly on create/update DL model stage
* dummy_label_map -> dummy_labelmap
* renamed load_label_map function
* Update CHANGELOG.md

* Run tests for REST API
* Added DJANGO_CONFIGURATION with value "testing"
* Fixed crash of python tests
* Update .travis.yml
* Update CHANGELOG.md
* Removed --settings option

* Split implementation

* Group implementation

* Reset cache for created object after saving

* A litle fix

* API methods definitions

* Typos

* API methods annotations.Statistics() and annotationsclear()

* Object selection

* Little fix

* Comments and docs a little changed

* Increase/decrease ZOrder

* ZOrder up/down

* Some crutial bugs fixed

* hasUnsavedChanges and merge

* Added API description

* Fixed bugs

* Merge was tested

* New file

* Fixed unit tests

* Fixed small bug which reproduced only after build

In docker container we use python 3.5 and f'{}' isn't available.

* Case sensitive renaming

* Update `cvat-js` lib.

* Add `.env` file

* Add basic redux capabilities

* Remove `setTimeout` as it was fixes in `cvat-js`

* Remove redundant state field

* Annotation saver

* Removed extra code

* Eslint fixes

* ability to add custom extractors
* added configurable mimetypes
* added a note to changelog

* Update `cvat.js`
* Update metadata
* Minor refactoring
* Using sass
* Dashboard components structure
* Add pagination

* Fixed line endings
* Updated CHANGELOG.md

Thanks for the contribution 👍 . I'm sure that many users of CVAT will benefit from the enhanced version of "automatic annotation".

* Fixed authorization in case of invalid login/password
* The first version of frames
* Frames work in browser
* Init version of getting annotations
* Getting annotations from the server
* Couple of fixes
* Removed extra line

Allow CORS from `http://localhost:3000`

CVE-2019-12308 More information

moderate severity
Vulnerable versions: >= 2.1.0, < 2.1.9
Patched version: 2.1.9
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.

WS-2019-0037 More information

moderate severity
Vulnerable versions: < 3.9.1
Patched version: 3.9.1
Django-Rest-Framework, before 3.9.1, has a XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates.

* Update CHANGELOG.md

* fixed auto_annotation for multijob tasks
* Added note to changelog