diff options
author | Carlton Gibson <carlton.gibson@noumenal.es> | 2021-02-19 11:02:32 +0100 |
---|---|---|
committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2021-02-19 11:02:32 +0100 |
commit | ab58f072502e86dfe21b2bd5cccdc5e94dce8d26 (patch) | |
tree | c84f27f9367992bf58739c9dcd91e4df92dbe00d /docs/releases/security.txt | |
parent | 0ad9fa02e07b853003b3c2244d1015620705f020 (diff) | |
download | django-ab58f072502e86dfe21b2bd5cccdc5e94dce8d26.tar.gz |
Added CVE-2021-23336 to security archive.
Diffstat (limited to 'docs/releases/security.txt')
-rw-r--r-- | docs/releases/security.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index bf9ab66e8a..504e3a2ece 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,21 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +February 19, 2021 - :cve:`2021-23336` +------------------------------------- + +Web cache poisoning via ``django.utils.http.limited_parse_qsl()``. `Full +description +<https://www.djangoproject.com/weblog/2021/feb/19/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.2 :commit:`(patch) <be8237c7cce24b06aabde0b97afce98ddabbe3b6>` +* Django 3.1 :commit:`(patch) <8f6d431b08cbb418d9144b976e7b972546607851>` +* Django 3.0 :commit:`(patch) <326a926beef869d3341bc9ef737887f0449b6b71>` +* Django 2.2 :commit:`(patch) <fd6b6afd5959b638c62dbf4839ccff97e7f7dfda>` + February 1, 2021 - :cve:`2021-3281` ----------------------------------- |