diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-05-06 09:58:24 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-05-06 10:03:45 +0200 |
| commit | 0262579f2e2ede5f8f273cd789b73729200ca047 (patch) | |
| tree | ab02f6336da9c59a048b0aeaeda72cba11a77c83 /docs | |
| parent | 40ad501425a021d8223991f88a2adf686a01e153 (diff) | |
[3.2.x] Added CVE-2021-32052 to security archive.
Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/security.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 847abd9cac..4f755f4381 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,20 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +May 6, 2021 - :cve:`2021-32052` +------------------------------- + +Header injection possibility since ``URLValidator`` accepted newlines in input +on Python 3.9.5+. `Full description +<https://www.djangoproject.com/weblog/2021/may/06/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.2 :commit:`(patch) <2d2c1d0c97832860fbd6597977e2aae17dd7e5b2>` +* Django 3.1 :commit:`(patch) <afb23f5929944a407e4990edef1c7806a94c9879>` +* Django 2.2 :commit:`(patch) <d9594c4ea57b6309d93879805302cec9ae9f23ff>` + May 4, 2021 - :cve:`2021-31542` ------------------------------- |
