mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-06 08:25:50 +00:00
Code Issues 30 Releases Wiki Activity
33,065 Commits 28 Branches 426 Tags 638 MiB
da2432ccca
Commit Graph

7 Commits

Author SHA1 Message Date
Simon Charette
c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 
Thanks Eyal (eyalgabay) for the report.
 2024-08-06 08:50:08 +02:00
Mariusz Felisiak
1760ad4e8c
Relaxed some query ordering assertions in various tests. 
It accounts for differences seen on MySQL with MyISAM storage engine.
 2022-04-14 12:12:13 +02:00
Mariusz Felisiak
93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
 2022-04-11 08:59:33 +02:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Nick Pope
335c9c94ac Simplified imports from django.db and django.contrib.gis.db. 2020-02-04 13:20:06 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ian Foote
39f35d4b9d Fixed #25871 -- Added expressions support to QuerySet.values(). 2016-08-18 16:05:15 -04:00