diff options
author | Carlton Gibson <carlton.gibson@noumenal.es> | 2020-02-03 10:11:34 +0100 |
---|---|---|
committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2020-02-03 10:15:26 +0100 |
commit | d0e3eb8e827355462a2d90660079234796d94ab0 (patch) | |
tree | 30370b139722cf00549f9cbe95bcc05f3b6ea028 | |
parent | 9a62ed5d5f827b44e8c95559c60fb28fb444e3ad (diff) | |
download | django-d0e3eb8e827355462a2d90660079234796d94ab0.tar.gz |
[1.11.x] Added CVE-2020-7471 to security archive.
Backport of d8b2ccbbb846328a0938347dc70cb2e603164d9a from master
-rw-r--r-- | docs/releases/security.txt | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index d461ce3d86..8b705e90d1 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1042,3 +1042,16 @@ Versions affected * Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>` * Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>` * Django 1.11 :commit:`(patch) <f4cff43bf921fcea6a29b726eb66767f67753fa2>` + +February 3, 2020 - :cve:`2020-7471` +----------------------------------- + +Potential SQL injection via ``StringAgg(delimiter)``. `Full description +<https://www.djangoproject.com/weblog/2020/feb/03/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.0 :commit:`(patch) <505826b469b16ab36693360da9e11fd13213421b>` +* Django 2.2 :commit:`(patch) <c67a368c16e4680b324b4f385398d638db4d8147>` +* Django 1.11 :commit:`(patch) <001b0634cd309e372edb6d7d95d083d02b8e37bd>` |