2021-02-25 20:27:10 +01:00
|
|
|
==========================
|
|
|
|
Django 3.1.8 release notes
|
|
|
|
==========================
|
|
|
|
|
2021-03-16 10:19:00 +01:00
|
|
|
*April 6, 2021*
|
2021-02-25 20:27:10 +01:00
|
|
|
|
2021-03-16 10:19:00 +01:00
|
|
|
Django 3.1.8 fixes a security issue with severity "low" and a bug in 3.1.7.
|
|
|
|
|
|
|
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
|
|
|
================================================================
|
|
|
|
|
|
|
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
|
|
|
suitably crafted file names.
|
|
|
|
|
|
|
|
Built-in upload handlers were not affected by this vulnerability.
|
2021-02-25 20:27:10 +01:00
|
|
|
|
|
|
|
Bugfixes
|
|
|
|
========
|
|
|
|
|
2021-03-17 12:28:04 +01:00
|
|
|
* Fixed a bug in Django 3.1 where the output was hidden on a test error or
|
|
|
|
failure when using :option:`test --pdb` with the
|
|
|
|
:option:`--buffer <test --buffer>` option (:ticket:`32560`).
|