1. ===========================

  2. Django 2.2.11 release notes

  3. ===========================

  4. 

  5. *March 4, 2020*

  6. 

  7. Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.

  8. 

  9. CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle

  10. ============================================================================================================

  11. 

  12. GIS functions and aggregates on Oracle were subject to SQL injection,

  13. using a suitably crafted ``tolerance``.

  14. 

  15. Bugfixes

  16. ========

  17. 

  18. * Fixed a data loss possibility in the

  19.   :meth:`~django.db.models.query.QuerySet.select_for_update`. When using

  20.   related fields or parent link fields with :ref:`multi-table-inheritance` in

  21.   the ``of`` argument, the corresponding models were not locked

  22.   (:ticket:`31246`).
About Sign Up Leave Feedback Contact