mirror of
https://github.com/django/django.git
synced 2024-12-29 12:36:08 +00:00
d4d800ca1a
Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report.
16 lines
470 B
Plaintext
16 lines
470 B
Plaintext
===========================
|
|
Django 2.2.20 release notes
|
|
===========================
|
|
|
|
*April 6, 2021*
|
|
|
|
Django 2.2.20 fixes a security issue with severity "low" in 2.2.19.
|
|
|
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
|
================================================================
|
|
|
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
|
suitably crafted file names.
|
|
|
|
Built-in upload handlers were not affected by this vulnerability.
|