mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs #12990 -- Removed django.contrib.postgres.fields.JSONField per deprecation timeline.

Browse Source
This commit is contained in:
Mariusz Felisiak
2021-01-14 09:33:12 +01:00
parent 98ae3925e5
commit 7cb5712edc
21 changed files with 45 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.11.23.txt
View File

@@ -41,7 +41,7 @@ CVE-2019-14234: SQL injection possibility in key and index lookups for ``JSONFie
====================================================================================================
:lookup:`Key and index lookups <jsonfield.key>` for
:class:`~django.contrib.postgres.fields.JSONField` and :lookup:`key lookups
``django.contrib.postgres.fields.JSONField`` and :lookup:`key lookups
<hstorefield.key>` for :class:`~django.contrib.postgres.fields.HStoreField`
were subject to SQL injection, using a suitably crafted dictionary, with
dictionary expansion, as the ``**kwargs`` passed to ``QuerySet.filter()``.