mirror of
https://github.com/django/django.git
synced 2024-12-01 07:31:48 +01:00
16 lines
470 B
Plaintext
16 lines
470 B
Plaintext
|
===========================
|
||
|
Django 3.0.14 release notes
|
||
|
===========================
|
||
|
|
||
|
*April 6, 2021*
|
||
|
|
||
|
Django 3.0.14 fixes a security issue with severity "low" in 3.0.13.
|
||
|
|
||
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
||
|
================================================================
|
||
|
|
||
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
||
|
suitably crafted file names.
|
||
|
|
||
|
Built-in upload handlers were not affected by this vulnerability.
|