0
0
mirror of https://github.com/django/django.git synced 2024-11-28 21:43:13 +01:00
django/docs/releases/2.2.11.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

23 lines
795 B
Plaintext
Raw Normal View History

2020-02-10 08:18:58 +01:00
===========================
Django 2.2.11 release notes
===========================
*March 4, 2020*
2020-02-10 08:18:58 +01:00
Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.
CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
============================================================================================================
GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted ``tolerance``.
2020-02-10 08:18:58 +01:00
Bugfixes
========
* Fixed a data loss possibility in the
:meth:`~django.db.models.query.QuerySet.select_for_update`. When using
related fields or parent link fields with :ref:`multi-table-inheritance` in
the ``of`` argument, the corresponding models were not locked
(:ticket:`31246`).