diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/2.2.25.txt | 6 | ||||
| -rw-r--r-- | docs/releases/3.1.14.txt | 6 | ||||
| -rw-r--r-- | docs/releases/3.2.10.txt | 9 |
3 files changed, 17 insertions, 4 deletions
diff --git a/docs/releases/2.2.25.txt b/docs/releases/2.2.25.txt index e8e552d80e..1662451a30 100644 --- a/docs/releases/2.2.25.txt +++ b/docs/releases/2.2.25.txt @@ -6,4 +6,8 @@ Django 2.2.25 release notes Django 2.2.25 fixes a security issue with severity "low" in 2.2.24. -... +CVE-2021-44420: Potential bypass of an upstream access control based on URL paths +================================================================================= + +HTTP requests for URLs with trailing newlines could bypass an upstream access +control based on URL paths. diff --git a/docs/releases/3.1.14.txt b/docs/releases/3.1.14.txt index 45775c3ce6..fb6fef8884 100644 --- a/docs/releases/3.1.14.txt +++ b/docs/releases/3.1.14.txt @@ -6,4 +6,8 @@ Django 3.1.14 release notes Django 3.1.14 fixes a security issue with severity "low" in 3.1.13. -... +CVE-2021-44420: Potential bypass of an upstream access control based on URL paths +================================================================================= + +HTTP requests for URLs with trailing newlines could bypass an upstream access +control based on URL paths. diff --git a/docs/releases/3.2.10.txt b/docs/releases/3.2.10.txt index 18f0f9f09a..290880d684 100644 --- a/docs/releases/3.2.10.txt +++ b/docs/releases/3.2.10.txt @@ -4,8 +4,13 @@ Django 3.2.10 release notes *December 7, 2021* -Django 3.2.10 fixes a security issue with severity "low" and several bugs in -3.2.9. +Django 3.2.10 fixes a security issue with severity "low" and a bug in 3.2.9. + +CVE-2021-44420: Potential bypass of an upstream access control based on URL paths +================================================================================= + +HTTP requests for URLs with trailing newlines could bypass an upstream access +control based on URL paths. Bugfixes ======== |
