django/docs/releases/2.2.25.txt

===========================
Django 2.2.25 release notes
===========================

*December 7, 2021*

Django 2.2.25 fixes a security issue with severity "low" in 2.2.24.

CVE-2021-44420: Potential bypass of an upstream access control based on URL paths
=================================================================================

HTTP requests for URLs with trailing newlines could bypass an upstream access
control based on URL paths.
Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 2021-11-29 12:21:54 +00:00			`===========================`
			`Django 2.2.25 release notes`
			`===========================`

			`December 7, 2021`

			`Django 2.2.25 fixes a security issue with severity "low" in 2.2.24.`

Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports. 2021-11-29 10:52:03 +00:00			`CVE-2021-44420: Potential bypass of an upstream access control based on URL paths`
			`=================================================================================`

			`HTTP requests for URLs with trailing newlines could bypass an upstream access`
			`control based on URL paths.`