mirror of https://github.com/django/django.git synced 2025-07-09 20:29:12 +00:00

3 Commits

Author SHA1 Message Date
Jacob Walls
9a65e62c93 [3.2.x] Fixed typo in docs/releases/3.1.13.txt.
Backport of 00c724f2f255bd3c28a73cc51db8a052644ff949 from main
2021-07-16 20:30:48 +02:00

Simon Charette
a34a5f724c [3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().
Regression introduced in 513948735b799239f3ef8c89397592445e1a0cd5
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.

In retrospect the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec3197009b88e3a633128bbcbd76eea0b46ff
per the 4.0 deprecation life cycle.

Thanks Joel Saunders for the report.
2021-07-01 08:29:23 +02:00

Mariusz Felisiak
da2269dc6f [3.2.x] Added stub release notes for 3.1.13 and release date for 3.2.5.
Backport of 8e97698d7b537cd298438a8d7b55916d275ff851 from main
2021-07-01 06:57:41 +02:00