mirror of
https://github.com/django/django.git
synced 2024-12-27 11:35:53 +00:00
14 lines
442 B
Plaintext
14 lines
442 B
Plaintext
|
============================
|
||
|
Django 1.11.28 release notes
|
||
|
============================
|
||
|
|
||
|
*February 3, 2020*
|
||
|
|
||
|
Django 1.11.28 fixes a security issue in 1.11.27.
|
||
|
|
||
|
CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``
|
||
|
===================================================================
|
||
|
|
||
|
:class:`~django.contrib.postgres.aggregates.StringAgg` aggregation function was
|
||
|
subject to SQL injection, using a suitably crafted ``delimiter``.
|