django

mirror of https://github.com/django/django.git synced 2025-01-26 10:09:42 +00:00

History

Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

2022-04-11 08:59:33 +02:00

__init__.py

…

models.py

Refs #33476 -- Reformatted code with Black.

2022-02-07 20:37:05 +01:00

test_queryset_values.py

Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

2022-04-11 08:59:33 +02:00

tests.py

Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.

2022-03-31 11:05:23 +02:00