Rev to django~=2.2.23 for cve and bug fixes. #772
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bump from LTS 2.2.20 to 2.2.23
2.2.21 included some security improvements but
also a new django bug that caused a bug in pulpcore
https://pulp.plan.io/issues/8691
2.2.22 has fix for:
CVE-2021-32052 django: header injection possibility
since URLValidator accepted newlines in input on Python.
But 2.2.22 still had the bug introduced in 2.2.21
2.2.23 resolves the issue that causes
https://pulp.plan.io/issues/8691
Issue: AAH-601
Issue: AAH-583
Issue: AAH-584