django

mirror of https://github.com/django/django.git synced 2025-07-13 06:09:17 +00:00

History

Mariusz Felisiak 2c09e68ec9 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.

2022-04-11 09:22:17 +02:00

__init__.py

Fixed #14030 -- Allowed annotations to accept all expressions

2014-11-15 14:00:43 +00:00

models.py

Refs #23919 -- Removed python_2_unicode_compatible decorator usage

2017-01-18 13:44:34 +01:00

tests.py

[2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

2022-04-11 09:22:17 +02:00