mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 17:59:13 +00:00
Code Issues 32 Releases Wiki Activity

[3.2.x] Added CVE-2021-35042 to security archive.

Browse Source 
Backport of 8feb2a49fa37528823cc900bbd9609319738193e from main
This commit is contained in:
Mariusz Felisiak 2021-07-01 09:57:08 +02:00
parent 92efd69107
commit 9fadb97583
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/releases/security.txt
View File

@ -36,6 +36,19 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security All security issues have been handled under versions of Django's security
process. These are listed below. process. These are listed below.
July 1, 2021 - :cve:`2021-35042`
--------------------------------
Potential SQL injection via unsanitized ``QuerySet.order_by()`` input. `Full
description
<https://www.djangoproject.com/weblog/2021/jul/01/security-releases/>`__
Versions affected
~~~~~~~~~~~~~~~~~
* Django 3.2 :commit:`(patch) <a34a5f724c5d5adb2109374ba3989ebb7b11f81f>`
* Django 3.1 :commit:`(patch) <0bd57a879a0d54920bb9038a732645fb917040e9>`
June 2, 2021 - :cve:`2021-33203` June 2, 2021 - :cve:`2021-33203`
-------------------------------- --------------------------------