1
0
mirror of https://github.com/django/django.git synced 2025-10-09 14:59:24 +00:00

2 Commits

Author SHA1 Message Date
Mariusz Felisiak
52fbae0a4d [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.
Thanks sw0rd1ight for the report.

Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.

Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.
2025-10-01 08:24:18 -04:00
Mariusz Felisiak
10a2d3b837 [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25.
Backport of 00174507f8a91e9577ae233c58af561b379f2695 from main.
2025-09-24 11:41:04 -04:00