mirror of
https://github.com/django/django.git
synced 2024-12-22 09:05:43 +00:00
Refs #32718 -- Corrected CVE-2021-31542 release notes.
This commit is contained in:
parent
e6406853c3
commit
d1f1417cae
@ -13,5 +13,4 @@ CVE-2021-31542: Potential directory-traversal via uploaded files
|
||||
directory-traversal via uploaded files with suitably crafted file names.
|
||||
|
||||
In order to mitigate this risk, stricter basename and path sanitation is now
|
||||
applied. Specifically, empty file names and paths with dot segments will be
|
||||
rejected.
|
||||
applied.
|
||||
|
@ -13,5 +13,4 @@ CVE-2021-31542: Potential directory-traversal via uploaded files
|
||||
directory-traversal via uploaded files with suitably crafted file names.
|
||||
|
||||
In order to mitigate this risk, stricter basename and path sanitation is now
|
||||
applied. Specifically, empty file names and paths with dot segments will be
|
||||
rejected.
|
||||
applied.
|
||||
|
@ -13,8 +13,7 @@ CVE-2021-31542: Potential directory-traversal via uploaded files
|
||||
directory-traversal via uploaded files with suitably crafted file names.
|
||||
|
||||
In order to mitigate this risk, stricter basename and path sanitation is now
|
||||
applied. Specifically, empty file names and paths with dot segments will be
|
||||
rejected.
|
||||
applied.
|
||||
|
||||
Bugfixes
|
||||
========
|
||||
|
Loading…
Reference in New Issue
Block a user