Diffstat (limited to 'docs/releases/5.2.11.txt')
| -rw-r--r-- | docs/releases/5.2.11.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/5.2.11.txt b/docs/releases/5.2.11.txt index 1e5187d7ec..73a0cd23b3 100644 --- a/docs/releases/5.2.11.txt +++ b/docs/releases/5.2.11.txt @@ -29,3 +29,15 @@ produced super-linear computation resulting in service degradation or outage. This issue has severity "moderate" according to the :ref:`Django security policy <security-disclosure>`. + +CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS +==================================================================== + +:ref:`Raster lookups <spatial-lookup-raster>` on GIS fields (only implemented +on PostGIS) were subject to SQL injection if untrusted data was used as a band +index. + +As a reminder, all untrusted user input should be validated before use. + +This issue has severity "high" according to the :ref:`Django security policy +<security-disclosure>`. |
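Review bot: The added CVE-2026-1207 entry names the condition ("if untrusted data was used as a band index") but never says what the fix changes or what a valid band index is, so a reader cannot tell whether upgrading alone closes the issue or whether calling code must change too. The sentence "As a reminder, all untrusted user input should be validated before use" reinforces that ambiguity, since it reads as if responsibility stays with the caller. Suggest adding one sentence after the first paragraph stating how the band index is handled once the fix is applied, and naming the expected type of the value so projects can validate it on their side. The :ref:`Raster lookups <spatial-lookup-raster>` link helps, but the entry should stand on its own for people reading only the release notes.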
