mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-10 04:39:13 +00:00
Code Issues 32 Releases Wiki Activity
29,559 Commits 29 Branches 451 Tags
Commit Graph

3 Commits

Author SHA1 Message Date
Mariusz Felisiak
9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
 2022-04-11 09:12:58 +02:00
Mariusz Felisiak
2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
 2022-04-11 09:12:06 +02:00
Mariusz Felisiak
70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
 2022-04-04 10:51:06 +02:00