==========================Django 4.0.4 release notes==========================*April 11, 2022*Django 4.0.4 fixes two security issues with severity "high" and two bugs in4.0.3.CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()``====================================================================================================:meth:`.QuerySet.annotate`, :meth:`~.QuerySet.aggregate`, and:meth:`~.QuerySet.extra` methods were subject to SQL injection in columnaliases, using a suitably crafted dictionary, with dictionary expansion, as the``**kwargs`` passed to these methods.CVE-2022-28347: Potential SQL injection via ``QuerySet.explain(**options)`` on PostgreSQL=========================================================================================:meth:`.QuerySet.explain` method was subject to SQL injection in option names,using a suitably crafted dictionary, with dictionary expansion, as the``**options`` argument.Bugfixes========* Fixed a regression in Django 4.0 that caused ignoring multiple``FilteredRelation()`` relationships to the same field (:ticket:`33598`).* Fixed a regression in Django 3.2.4 that caused the auto-reloader to no longerdetect changes when the ``DIRS`` option of the ``TEMPLATES`` settingcontained an empty string (:ticket:`33628`).