===========================
Django 3.0.13 release notes
===========================

*February 19, 2021*

Django 3.0.13 fixes a security issue in 3.0.12.

CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()``
=================================================================================

Django contains a copy of :func:`urllib.parse.parse_qsl` which was added to
backport some security fixes. A further security fix has been issued recently
such that ``parse_qsl()`` no longer allows using ``;`` as a query parameter
separator by default. Django now includes this fix. See :bpo:`42967` for
further details.
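
The following added example (not part of Django or of these release notes) contrasts the two separator rules and flags query strings that parse differently under them, which is the mismatch a cache and a backend must not have. The function names and sample query strings are constructed for illustration, and the parsers are simplified stand-ins rather than Django's ``limited_parse_qsl()``.

```python
import re
from urllib.parse import unquote_plus

# Pre-fix rule: both "&" and ";" separate parameters.
_LEGACY_SEPARATORS = re.compile(r"[&;]")


def _decode_pairs(chunks):
    """Turn raw 'name=value' chunks into decoded (name, value) tuples."""
    pairs = []
    for chunk in chunks:
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def parse_legacy(query):
    """Split on '&' and ';' (the behaviour before the fix)."""
    return _decode_pairs(_LEGACY_SEPARATORS.split(query))


def parse_fixed(query):
    """Split on '&' only (the default behaviour after the fix)."""
    return _decode_pairs(query.split("&"))


def parsers_disagree(query):
    """True when the two rules yield different parameters, meaning a cache
    and a backend using different rules would not see the same request."""
    return parse_legacy(query) != parse_fixed(query)


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "page=2&sort=name",
    "page=2;sort=name",
    "q=a%3Bb&lang=en",  # percent-encoded ';' in a value: same under both rules
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs!r:22} legacy={parse_legacy(qs)} "
              f"fixed={parse_fixed(qs)} differ={parsers_disagree(qs)}")
```

Running ``parsers_disagree()`` over logged query strings shows which requests changed meaning after the upgrade, for example links that still rely on ``;`` as a separator.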