mirror of
https://github.com/django/django.git
synced 2024-11-25 07:59:34 +01:00
d4d800ca1a
Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report.
23 lines
684 B
Plaintext
23 lines
684 B
Plaintext
==========================
|
|
Django 3.1.8 release notes
|
|
==========================
|
|
|
|
*April 6, 2021*
|
|
|
|
Django 3.1.8 fixes a security issue with severity "low" and a bug in 3.1.7.
|
|
|
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
|
================================================================
|
|
|
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
|
suitably crafted file names.
|
|
|
|
Built-in upload handlers were not affected by this vulnerability.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a bug in Django 3.1 where the output was hidden on a test error or
|
|
failure when using :option:`test --pdb` with the
|
|
:option:`--buffer <test --buffer>` option (:ticket:`32560`).
|