Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
45 additions and 5 deletions.
| @@ -0,0 +1,13 @@ | ||
| ============================ | ||
| Django 1.11.28 release notes | ||
| ============================ | ||
|
|
||
| *February 3, 2020* | ||
|
|
||
| Django 1.11.28 fixes a security issue in 1.11.27. | ||
|
|
||
| CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)`` | ||
| =================================================================== | ||
|
|
||
| :class:`~django.contrib.postgres.aggregates.StringAgg` aggregation function was | ||
| subject to SQL injection, using a suitably crafted ``delimiter``. |
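Review bot: The closing paragraph of the 1.11.28 notes says ``StringAgg`` "was subject to SQL injection" but never states what changed or who needs to act. The commit title says the ``delimiter`` parameter is now properly escaped; adding a sentence to that effect, and saying that projects passing untrusted input as ``delimiter`` are the ones exposed, would let readers judge upgrade urgency from the release notes alone.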
| @@ -0,0 +1,13 @@ | ||
| =========================== | ||
| Django 2.2.10 release notes | ||
| =========================== | ||
|
|
||
| *February 3, 2020* | ||
|
|
||
| Django 2.2.10 fixes a security issue in 2.2.9. | ||
|
|
||
| CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)`` | ||
| =================================================================== | ||
|
|
||
| :class:`~django.contrib.postgres.aggregates.StringAgg` aggregation function was | ||
| subject to SQL injection, using a suitably crafted ``delimiter``. |
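Review bot: Style point on the last sentence of the 2.2.10 notes: it opens with the bare ``:class:`` role and is missing an article, so it renders as "StringAgg aggregation function was subject to ...". Suggest "The :class:`~django.contrib.postgres.aggregates.StringAgg` aggregation function was subject to SQL injection via a suitably crafted ``delimiter``." The 1.11.28 file carries the same sentence, so apply the identical wording there to keep the two notes in sync.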
0 comments on commit eb31d84