Django 2.2.11 release notes

March 4, 2020

Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.

CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle

GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.
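The class of bug described above, as an added example that is not Django's code: a value formatted into the SQL text versus a type-checked value passed as a bind parameter. The helper names and the Oracle Spatial fragment in `TEMPLATE` are illustrative assumptions, and the sample input is constructed.

```python
import math
from decimal import Decimal

# Hypothetical helpers for illustration; not Django's implementation.
# The SQL fragment is an illustrative Oracle Spatial aggregate call.
TEMPLATE = "SDO_AGGR_UNION(SDOAGGRTYPE({column}, {tolerance}))"


def checked_tolerance(value):
    """Return value as a finite, non-negative float or raise ValueError."""
    # bool is an int subclass; reject it so True/False never pass as 1/0.
    if isinstance(value, bool) or not isinstance(value, (int, float, Decimal, str)):
        raise ValueError("tolerance must be numeric")
    try:
        number = float(value)
    except (ValueError, OverflowError):
        raise ValueError("tolerance must be numeric") from None
    if not math.isfinite(number) or number < 0:
        raise ValueError("tolerance must be finite and non-negative")
    return number


def render_interpolated(column, tolerance):
    """Weak pattern: the tolerance becomes part of the SQL text itself."""
    return TEMPLATE.format(column=column, tolerance=tolerance), []


def render_bound(column, tolerance):
    """Hardened pattern: the validated value travels as a bind parameter."""
    # column is assumed to be a trusted identifier chosen in code.
    sql = TEMPLATE.format(column=column, tolerance="%s")
    return sql, [checked_tolerance(tolerance)]


if __name__ == "__main__":
    constructed = "0.05 /* constructed non-numeric input */"
    print(render_interpolated("geom", constructed))  # text lands in the SQL
    print(render_bound("geom", "0.05"))              # SQL text stays fixed
    try:
        render_bound("geom", constructed)
    except ValueError as exc:
        print("rejected:", exc)
```

Applications that forward a request-supplied tolerance to GIS functions or aggregates can apply the same numeric check at the view or form layer as defence in depth, in addition to upgrading.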

Bugfixes

  • Fixed a data loss possibility in select_for_update(). When using related fields or parent link fields with multi-table inheritance in the of argument, the corresponding models were not locked (#31246).