diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-12-07 08:51:26 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-12-07 08:53:48 +0100 |
| commit | 7f20e89453711dde13bd8e95116811812c65acc3 (patch) | |
| tree | 4c51c0abc52f62c7f6723edf921f6e4ef1860f5b /docs | |
| parent | 20b9ad36ff0558b819659a10a9734262367750be (diff) | |
[4.0.x] Added CVE-2021-44420 to security archive.
Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/security.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index a59c6a145d..30f708388a 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,20 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +December 7, 2021 - :cve:`2021-44420` +------------------------------------ + +Potential bypass of an upstream access control based on URL paths. `Full +description +<https://www.djangoproject.com/weblog/2021/dec/07/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.2 :commit:`(patch) <333c65603032c377e682cdbd7388657a5463a05a>` +* Django 3.1 :commit:`(patch) <22bd17488159601bf0741b70ae7932bffea8eced>` +* Django 2.2 :commit:`(patch) <7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7>` + July 1, 2021 - :cve:`2021-35042` -------------------------------- |
