==========================Django 3.2.2 release notes==========================*May 6, 2021*Django 3.2.2 fixes a security issue and a bug in 3.2.1.CVE-2021-32052: Header injection possibility since ``URLValidator`` accepted newlines in input on Python 3.9.5+===============================================================================================================On Python 3.9.5+, :class:`~django.core.validators.URLValidator` didn't prohibitnewlines and tabs. If you used values with newlines in HTTP response, you couldsuffer from header injection attacks. Django itself wasn't vulnerable because:class:`~django.http.HttpResponse` prohibits newlines in HTTP headers.Moreover, the ``URLField`` form field which uses ``URLValidator`` silentlyremoves newlines and tabs on Python 3.9.5+, so the possibility of newlinesentering your data only existed if you are using this validator outside of theform fields.This issue was introduced by the :bpo:`43882` fix.Bugfixes========* Prevented, following a regression in Django 3.2.1, :djadmin:`makemigrations`from generating infinite migrations for a model with ``Meta.ordering``contained ``OrderBy`` expressions (:ticket:`32714`).