author: Jacob Walls <jacobtylerwalls@gmail.com>, 2025-10-01 10:39:02 -0400
committer: Jacob Walls <jacobtylerwalls@gmail.com>, 2025-10-01 10:40:25 -0400
commit: 7bda200f6e9d1b741ee3116ca966385f76fb798f
tree: 7af4788e8ddafdb721b58c4e6bc14334dec5f5b8
parent: b4a2f47b3215b4ec0dfc4d2c01352f8e1adc9aaa
[4.2.x] Added CVE-2025-59681 and CVE-2025-59682 to security archive.
Backport of 43d84aef04a9e71164c21a74885996981857e66e from main.
-rw-r--r-- docs/releases/security.txt | 24
1 files changed, 24 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index c3400e9bbe..67eb651a37 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,30 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+October 1, 2025 - :cve:`2025-59681`
+-----------------------------------
+
+Potential SQL injection in ``QuerySet.annotate()``, ``alias()``, ``aggregate()``, and ``extra()`` on MySQL and MariaDB.
+`Full description
+<https://www.djangoproject.com/weblog/2025/oct/01/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <4ceaaee7e04b416fc465e838a6ef43ca0ccffafe>`
+* Django 5.2 :commit:`(patch) <52fbae0a4dbbe5faa59827f8f05694a0065cc135>`
+* Django 5.1 :commit:`(patch) <01d2d770e22bffe53c7f1e611e2bbca94cb8a2e7>`
+* Django 4.2 :commit:`(patch) <38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5>`
+
+October 1, 2025 - :cve:`2025-59682`
+-----------------------------------
+
+Potential partial directory-traversal via ``archive.extract()``.
+`Full description
+<https://www.djangoproject.com/weblog/2025/oct/01/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <af067f56c1dd467df4abd0ddd409a700da1f03ba>`
+* Django 5.2 :commit:`(patch) <ed8fc39d77465eddbde1191a054ae965f6a8a584>`
+* Django 5.1 :commit:`(patch) <74fa85c688a87224637155902bcd738bb9e65e11>`
+* Django 4.2 :commit:`(patch) <9504bbaa392c9fe37eee9291f5b4c29eb6037619>`
+
September 3, 2025 - :cve:`2025-57833`
-------------------------------------
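Review bot: The summary line of the CVE-2025-59681 entry ("Potential SQL injection in ``QuerySet.annotate()``, ...") sits on a single line of roughly 120 characters, while the context lines at the top of this hunk and the other added lines wrap well before 80 columns. Suggest breaking it after ``aggregate()``, so the entry follows the wrapping used in the rest of docs/releases/security.txt. A smaller point in the CVE-2025-59682 entry: "partial directory-traversal" is used as a noun phrase here, so "partial directory traversal" without the hyphen would read more naturally, unless the hyphenated form is deliberate to match the wording of the release announcement.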