mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00

Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.

Thanks WhiteSage for the report.
Mariusz Felisiak
2020-08-21 11:44:46 +02:00
committed by Carlton Gibson
parent 2bc38bc7ca
commit 8d7271578d
7 changed files with 86 additions and 27 deletions


@@ -4,7 +4,18 @@ Django 2.2.16 release notes
*Expected September 1, 2020*
Django 2.2.16 fixes two data loss bugs in 2.2.15.
Django 2.2.16 fixes a security issue and two data loss bugs in 2.2.15.
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
======================================================================================
On Python 3.7+, :setting:`FILE_UPLOAD_DIRECTORY_PERMISSIONS` mode was not
applied to intermediate-level directories created in the process of uploading
files and to intermediate-level collected static directories when using the
:djadmin:`collectstatic` management command.
You should review and manually fix permissions on existing intermediate-level
directories.
Bugfixes
========
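
Review bot: The closing sentence of the new CVE-2020-24583 section ("You should review and manually fix permissions on existing intermediate-level directories.") does not give an operator enough to act on: it names neither the directory trees to inspect nor the mode to restore. Suggest spelling out that the directories in question are the intermediate ones created while uploading files and while running :djadmin:`collectstatic`, that the mode they should carry is the value of :setting:`FILE_UPLOAD_DIRECTORY_PERMISSIONS`, and what mode they were actually given on Python 3.7+, so that over-permissive directories can be recognised during the review. It would also help to say whether only deployments that set :setting:`FILE_UPLOAD_DIRECTORY_PERMISSIONS` explicitly are affected, since the paragraph above reads as if every Python 3.7+ install needs the manual check.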