Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 6 commits
- 7 files changed
- 3 contributors
Commits on Jun 2, 2021
-
-
[3.1.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.
Backport of a39f235 from main
-
[3.1.x] Fixed docs header underlines in security archive.
Backport of d9cee3f from main
Commits on Jul 1, 2021
-
[3.1.x] Added stub release notes for 3.1.13.
Backport of 8e97698 from main.
-
[3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.o…
…rder_by(). Regression introduced in 5139487 by marking the raw SQL column reference feature for deprecation in Django 4.0 while lifting the column format validation. In retrospective the validation should have been kept around and the user should have been pointed at using RawSQL expressions during the deprecation period. The main branch is not affected because the raw SQL column reference support has been removed in 06eec31 per the 4.0 deprecation life cycle. Thanks Joel Saunders for the report.
-
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 3.1.12...3.1.13