1. ===========================

  2. Django 3.2.19 release notes

  3. ===========================

  4. 

  5. *May 3, 2023*

  6. 

  7. Django 3.2.19 fixes a security issue with severity "low" in 3.2.18.

  8. 

  9. CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field

  10. =================================================================================================

  11. 

  12. Uploading multiple files using one form field has never been supported by

  13. :class:`.forms.FileField` or :class:`.forms.ImageField` as only the last

  14. uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files`

  15. topic suggested otherwise.

  16. 

  17. In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput`

  18. and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when

  19. the ``multiple`` HTML attribute is set on them. To prevent the exception and

  20. keep the old behavior, set ``allow_multiple_selected`` to ``True``.

  21. 

  22. For more details on using the new attribute and handling of multiple files

  23. through a single field, see :ref:`uploading_multiple_files`.
About Sign Up Leave Feedback Contact