mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-14 06:39:24 +00:00
Code Issues 32 Releases Wiki Activity
27,062 Commits 29 Branches 451 Tags
Commit Graph

3 Commits

Author SHA1 Message Date
Mariusz Felisiak
29a6c98b4c [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
 2022-04-11 09:23:12 +02:00
Mariusz Felisiak
2c09e68ec9 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
 2022-04-11 09:22:17 +02:00
Mariusz Felisiak
8352b98e46 [2.2.x] Added stub release notes for 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:55:50 +02:00