mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
14 lines
436 B
Plaintext
14 lines
436 B
Plaintext
===========================
|
|
Django 2.2.10 release notes
|
|
===========================
|
|
|
|
*February 3, 2020*
|
|
|
|
Django 2.2.10 fixes a security issue in 2.2.9.
|
|
|
|
CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``
|
|
===================================================================
|
|
|
|
:class:`~django.contrib.postgres.aggregates.StringAgg` aggregation function was
|
|
subject to SQL injection, using a suitably crafted ``delimiter``.
|