summaryrefslogtreecommitdiff
path: root/docs/releases/2.2.28.txt
AgeCommit message (Collapse)Author
2022-04-11Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL ↵Mariusz Felisiak
injection on PostgreSQL.
2022-04-11Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and ↵Mariusz Felisiak
extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
2022-04-04Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.Mariusz Felisiak