django/docs/releases/1.11.29.txt

============================
Django 1.11.29 release notes
============================

*March 4, 2020*

Django 1.11.29 fixes a security issue in 1.11.28.

CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
============================================================================================================

GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted ``tolerance``.
Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. Thanks to Norbert Szetei for the report. 2020-02-24 13:46:28 +00:00			`============================`
			`Django 1.11.29 release notes`
			`============================`

			`March 4, 2020`

Fixed typo in docs/releases/1.11.29.txt. 2020-03-04 09:46:43 +00:00			`Django 1.11.29 fixes a security issue in 1.11.28.`
Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. Thanks to Norbert Szetei for the report. 2020-02-24 13:46:28 +00:00
			CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
			`============================================================================================================`

			`GIS functions and aggregates on Oracle were subject to SQL injection,`
			using a suitably crafted ``tolerance``.