1. ==========================

  2. Django 3.1.6 release notes

  3. ==========================

  4. 

  5. *February 1, 2021*

  6. 

  7. Django 3.1.6 fixes a security issue with severity "low" and a bug in 3.1.5.

  8. 

  9. CVE-2021-3281: Potential directory-traversal via ``archive.extract()``

  10. ======================================================================

  11. 

  12. The ``django.utils.archive.extract()`` function, used by

  13. :option:`startapp --template` and :option:`startproject --template`, allowed

  14. directory-traversal via an archive with absolute paths or relative paths with

  15. dot segments.

  16. 

  17. Bugfixes

  18. ========

  19. 

  20. * Fixed an admin layout issue in Django 3.1 where changelist filter controls 

  21.   would become squashed (:ticket:`32391`).
About Sign Up Leave Feedback Contact