blob: 7fb85550777e71e9a9b78a61eee0a706421961aa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
==========================
Django 4.0.7 release notes
==========================
*August 3, 2022*
Django 4.0.7 fixes a security issue with severity "high" in 4.0.6.
CVE-2022-36359: Potential reflected file download vulnerability in ``FileResponse``
===================================================================================
An application may have been vulnerable to a reflected file download (RFD)
attack that sets the Content-Disposition header of a
:class:`~django.http.FileResponse` when the ``filename`` was derived from
user-supplied input. The ``filename`` is now escaped to avoid this possibility.
|