From 394517f07886495efcf79f95c7ee402a9437bd68 Mon Sep 17 00:00:00 2001 From: Markus Holtermann Date: Sun, 2 Jan 2022 00:37:40 +0100 Subject: Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. Thanks Keryn Knight for the report. Co-authored-by: Adam Johnson --- docs/ref/templates/builtins.txt | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'docs/ref') diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 08c1ca47e2..6f324e2b3b 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -194,7 +194,13 @@ from its first value when it's next encountered. --------- Outputs a whole load of debugging information, including the current context -and imported modules. +and imported modules. ``{% debug %}`` outputs nothing when the :setting:`DEBUG` +setting is ``False``. + +.. versionchanged:: 2.2.27 + + In older versions, debugging information was displayed when the + :setting:`DEBUG` setting was ``False``. .. templatetag:: extends -- cgit v1.3