django.git, branch stable/2.2.x

django.git, branch stable/2.2.x django http://cgit.adnoto.dev/django.git/atom?h=stable%2F2.2.x 2022-04-11T08:37:53Z [2.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11T08:37:53Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-11T08:32:22Z urn:sha1:2a62cdcfec85938f40abb2e9e6a9ff497e02afe8 Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main [2.2.x] Post-release version bump. 2022-04-11T07:29:13Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-11T07:29:13Z urn:sha1:d3731c94310f18c7491b427538adfd1228ed7f87 [2.2.x] Bumped version for 2.2.28 release. 2022-04-11T07:25:38Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-11T07:25:38Z urn:sha1:5c3300027b30c1b498d99010f7d618316f685045 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11T07:23:12Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T11:48:47Z urn:sha1:29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main. [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 2022-04-11T07:22:17Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T06:10:22Z urn:sha1:2c09e68ec911919360d5f8502cefc312f9e03c5d Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main. [2.2.x] Added stub release notes for 2.2.28. 2022-04-04T08:55:50Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T06:37:19Z urn:sha1:8352b98e460f1b5349cd8a9a4ce35a573664c7c3 Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 2022-03-26T11:29:29Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-03-26T11:27:30Z urn:sha1:2801f29dadbf890206b4cac59a4831f334418bc7 This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 2022-03-25T07:54:13Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-03-25T07:48:32Z urn:sha1:e03648f09c9c6be34d977141e33419f5cf72c0d3 See https://github.com/pallets/jinja/pull/1621. Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main [2.2.x] Fixed typo in release notes. 2022-02-02T06:20:28Z David Smith 39445562+smithdc1@users.noreply.github.com 2022-02-02T06:17:57Z urn:sha1:9d13d8c10b18da9f8a9a7ea9325c1e2a23279c72 Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main. [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 2022-02-01T07:54:34Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-01T07:17:25Z urn:sha1:047ece3014f688d64e190f0d0c9845e9a7dd11fa Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main