diff options
author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-04-11 10:32:22 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-04-11 10:37:53 +0200 |
commit | 2a62cdcfec85938f40abb2e9e6a9ff497e02afe8 (patch) | |
tree | 3e66eb49a19e4894e9dbf941e5e44c3b68a5deb1 | |
parent | d3731c94310f18c7491b427538adfd1228ed7f87 (diff) | |
download | django-stable/2.2.x.tar.gz |
[2.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.stable/2.2.x
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
-rw-r--r-- | docs/releases/security.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 8b85b4a981..97718670af 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1311,3 +1311,25 @@ Versions affected * Django 4.0 :commit:`(patch) <f9c7d48fdd6f198a6494a9202f90242f176e4fc9>` * Django 3.2 :commit:`(patch) <d16133568ef9c9b42cb7a08bdf9ff3feec2e5468>` * Django 2.2 :commit:`(patch) <c477b761804984c932704554ad35f78a2e230c6a>` + +April 11, 2022 - :cve:`2022-28346` +---------------------------------- + +Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and +``extra()``. `Full description +<https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>`__ + +* Django 4.0 :commit:`(patch) <800828887a0509ad1162d6d407e94d8de7eafc60>` +* Django 3.2 :commit:`(patch) <2044dac5c6968441be6f534c4139bcf48c5c7e48>` +* Django 2.2 :commit:`(patch) <2c09e68ec911919360d5f8502cefc312f9e03c5d>` + +April 11, 2022 - :cve:`2022-28347` +---------------------------------- + +Potential SQL injection via ``QuerySet.explain(**options)`` on PostgreSQL. +`Full description +<https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>`__ + +* Django 4.0 :commit:`(patch) <00b0fc50e1738c7174c495464a5ef069408a4402>` +* Django 3.2 :commit:`(patch) <9e19accb6e0a00ba77d5a95a91675bf18877c72d>` +* Django 2.2 :commit:`(patch) <29a6c98b4c13af82064f993f0acc6e8fafa4d3f5>` |