summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-09-03 15:26:45 +0200
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-09-03 15:28:27 +0200
commit18c6bc5db244f8fdc9fbbaa73f1e9a1f4b444513 (patch)
treebb730bf112561eb2ae4b68ee171cfadb3a928e2c /docs
parentdb13f7fbcb412ef1333f2c8bbb1d3d02344e3dd1 (diff)
[5.2.x] Added CVE-2025-57833 to security archive.
Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/security.txt11
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 353f1a9b96..8e1ab8c58b 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,17 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+September 3, 2025 - :cve:`2025-57833`
+-------------------------------------
+
+Potential SQL injection in FilteredRelation column aliases.
+`Full description
+<https://www.djangoproject.com/weblog/2025/sep/03/security-releases/>`__
+
+* Django 5.2 :commit:`(patch) <4c044fcc866ec226f612c475950b690b0139d243>`
+* Django 5.1 :commit:`(patch) <102965ea93072fe3c39a30be437c683ec1106ef5>`
+* Django 4.2 :commit:`(patch) <31334e6965ad136a5e369993b01721499c5d1a92>`
+
June 4, 2025 - :cve:`2025-48432`
--------------------------------