[5.1.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. - django.git

diff options

author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2025-09-10 09:53:52 +0200
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-01 08:53:17 -0400
commit	01d2d770e22bffe53c7f1e611e2bbca94cb8a2e7 (patch)
tree	739813527954c8026c845abdee4d851fba01ae6b /django/__init__.py
parent	cbe5042d85fc3f7ab704bb8ff1ff0f55ba1be0eb (diff)

[5.1.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.

Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.

Diffstat (limited to 'django/__init__.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: