chango.git, branch 3.2.12 django http://cgit.adnoto.dev/chango.git/atom?h=3.2.12 2022-02-01T07:03:33Z [3.2.x] Bumped version for 3.2.12 release. 2022-02-01T07:03:33Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-01T07:03:33Z urn:sha1:fdf209eab8949ddc345aa0212b349c79fc6fdebb [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 2022-02-01T06:54:17Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-01-21T06:50:03Z urn:sha1:d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main. [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 2022-02-01T06:53:21Z Markus Holtermann info@markusholtermann.eu 2022-01-01T23:37:40Z urn:sha1:1a1e8278c46418bde24c86a65443b0674bae65e2 Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu> [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 2022-01-25T06:27:35Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-01-11T08:57:01Z urn:sha1:a7e89fe77683af562fa00143cd1af32e20425797 Backport of eeca9342381c8583be16f18942774e785ab7e527 from main. [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 2022-01-04T10:31:13Z Carlton Gibson carlton.gibson@noumenal.es 2022-01-04T10:30:11Z urn:sha1:027f4c4ceb93c7f7b45fecf94b7db1defc5c4064 Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main [3.2.x] Post-release version bump. 2022-01-04T09:40:22Z Carlton Gibson carlton.gibson@noumenal.es 2022-01-04T09:40:22Z urn:sha1:0a9a46a1d72e556585298ad2f6346461729e6b91 [3.2.x] Bumped version for 3.2.11 release. 2022-01-04T09:36:54Z Carlton Gibson carlton.gibson@noumenal.es 2022-01-04T09:36:54Z urn:sha1:6e499a28ac6ec10c2f0f77b92cab49fb8f8df419 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. 2022-01-04T09:19:49Z Florian Apolloner florian@apolloner.eu 2021-12-17T20:07:50Z urn:sha1:8d2f7cff76200cbd2337b2cf1707e383eb1fb54b Thanks to Dennis Brinkrolf for the report. [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 2022-01-04T09:19:49Z Florian Apolloner florian@apolloner.eu 2021-12-27T13:53:18Z urn:sha1:c7fe895bca06daf12cc1670b56eaf72a1ef27a16 Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 2022-01-04T09:19:49Z Florian Apolloner florian@apolloner.eu 2021-12-27T13:48:03Z urn:sha1:a8b32fe13bcaed1c0b772fdc53de84abc224fb20 Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>