mirror of https://github.com/django/django.git
26 lines
891 B
Plaintext
26 lines
891 B
Plaintext
===========================
|
|
Django 2.2.13 release notes
|
|
===========================
|
|
|
|
*June 3, 2020*
|
|
|
|
Django 2.2.13 fixes two security issues and a regression in 2.2.12.
|
|
|
|
CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
|
|
================================================================
|
|
|
|
Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
|
|
encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
|
|
ensures query parameters are correctly URL encoded.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a regression in Django 2.2.12 that affected translation loading for
|
|
apps providing translations for territorial language variants as well as a
|
|
generic language, where the project has different plural equations for the
|
|
language (:ticket:`31570`).
|
|
|
|
* Tracking a jQuery security release, upgraded the version of jQuery used by
|
|
the admin from 3.3.1 to 3.5.1.
|