==========================Django 3.0.7 release notes==========================*June 3, 2020*Django 3.0.7 fixes two security issues and several bugs in 3.0.6.CVE-2020-13254: Potential data leakage via malformed memcached keys===================================================================In cases where a memcached backend does not perform key validation, passingmalformed cache keys could result in a key collision, and potential dataleakage. In order to avoid this vulnerability, key validation is added to thememcached cache backends.CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``================================================================Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URLencoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` nowensures query parameters are correctly URL encoded.Bugfixes========* Fixed a regression in Django 3.0 by restoring the ability to use fieldlookups in ``Meta.ordering`` (:ticket:`31538`).* Fixed a regression in Django 3.0 where ``QuerySet.values()`` and``values_list()`` crashed if a queryset contained an aggregation and asubquery annotation (:ticket:`31566`).* Fixed a regression in Django 3.0 where aggregates used wrong annotations whena queryset has multiple subqueries annotations (:ticket:`31568`).* Fixed a regression in Django 3.0 where ``QuerySet.values()`` and``values_list()`` crashed if a queryset contained an aggregation and an``Exists()`` annotation on Oracle (:ticket:`31584`).* Fixed a regression in Django 3.0 where all resolved ``Subquery()``expressions were considered equal (:ticket:`31607`).* Fixed a regression in Django 3.0.5 that affected translation loading for appsproviding translations for territorial language variants as well as a genericlanguage, where the project has different plural equations for the language(:ticket:`31570`).* Tracking a jQuery security release, upgraded the version of jQuery used bythe admin from 3.4.1 to 3.5.1.