django

mirror of https://github.com/django/django.git synced 2024-11-25 07:59:34 +01:00

Author	SHA1	Message	Date
Mariusz Felisiak	6723a26e59	Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.	2022-04-11 08:59:58 +02:00
Mariusz Felisiak	93cae5cb2f	Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.	2022-04-11 08:59:33 +02:00
Mariusz Felisiak	78277faafd	Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.	2022-04-04 10:31:57 +02:00