summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-09-03 15:26:45 +0200
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-09-03 15:29:23 +0200
commit26fc64332c362dd4632a49eef6672b71dfa7a813 (patch)
tree63152c8d94026400003a9d9c15fb29264014ebe6
parentdc002e5d2dba8611554984c989186a1905a172ce (diff)
[5.1.x] Added CVE-2025-57833 to security archive.
Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main.
-rw-r--r--docs/releases/security.txt11
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 353f1a9b96..8e1ab8c58b 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,17 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+September 3, 2025 - :cve:`2025-57833`
+-------------------------------------
+
+Potential SQL injection in FilteredRelation column aliases.
+`Full description
+<https://www.djangoproject.com/weblog/2025/sep/03/security-releases/>`__
+
+* Django 5.2 :commit:`(patch) <4c044fcc866ec226f612c475950b690b0139d243>`
+* Django 5.1 :commit:`(patch) <102965ea93072fe3c39a30be437c683ec1106ef5>`
+* Django 4.2 :commit:`(patch) <31334e6965ad136a5e369993b01721499c5d1a92>`
+
June 4, 2025 - :cve:`2025-48432`
--------------------------------