1
0
mirror of https://github.com/django/django.git synced 2024-12-23 17:46:27 +00:00
django/docs/releases/4.0.7.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

16 lines
619 B
Plaintext
Raw Normal View History

2022-07-04 08:05:55 +00:00
==========================
Django 4.0.7 release notes
==========================
*August 3, 2022*
2022-07-04 08:05:55 +00:00
2022-08-03 06:36:32 +00:00
Django 4.0.7 fixes a security issue with severity "high" in 4.0.6.
2022-07-04 08:05:55 +00:00
CVE-2022-36359: Potential reflected file download vulnerability in ``FileResponse``
===================================================================================
An application may have been vulnerable to a reflected file download (RFD)
attack that sets the Content-Disposition header of a
:class:`~django.http.FileResponse` when the ``filename`` was derived from
user-supplied input. The ``filename`` is now escaped to avoid this possibility.