mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 17:59:13 +00:00
Code Issues 32 Releases Wiki Activity

[3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.

Browse Source 
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
This commit is contained in:
Mariusz Felisiak 2022-02-01 08:17:25 +01:00
parent 1e6b555c92
commit 6f309165e5
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docs/releases/security.txt
View File

@ -36,6 +36,32 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security All security issues have been handled under versions of Django's security
process. These are listed below. process. These are listed below.
February 1, 2022 - :cve:`2022-22818`
------------------------------------
Possible XSS via ``{% debug %}`` template tag. `Full description
<https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>`__
Versions affected
~~~~~~~~~~~~~~~~~
* Django 4.0 :commit:`(patch) <01422046065d2b51f8f613409cad2c81b39487e5>`
* Django 3.2 :commit:`(patch) <1a1e8278c46418bde24c86a65443b0674bae65e2>`
* Django 2.2 :commit:`(patch) <c27a7eb9f40b64990398978152e62b6ff839c2e6>`
February 1, 2022 - :cve:`2022-23833`
------------------------------------
Denial-of-service possibility in file uploads. `Full description
<https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>`__
Versions affected
~~~~~~~~~~~~~~~~~
* Django 4.0 :commit:`(patch) <f9c7d48fdd6f198a6494a9202f90242f176e4fc9>`
* Django 3.2 :commit:`(patch) <d16133568ef9c9b42cb7a08bdf9ff3feec2e5468>`
* Django 2.2 :commit:`(patch) <c477b761804984c932704554ad35f78a2e230c6a>`
January 4, 2022 - :cve:`2021-45452` January 4, 2022 - :cve:`2021-45452`
------------------------------------ ------------------------------------