[3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.

Thanks to Dennis Brinkrolf for the report.
author: Florian Apolloner <florian@apolloner.eu> 2021-12-17 21:07:50 +0100
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2022-01-04 10:19:49 +0100
commit: 8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (patch)
tree: f3f00f41e92d751a91f61b164e4951e284d920d5 /docs/releases/3.2.11.txt
parent: c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/releases/3.2.11.txt b/docs/releases/3.2.11.txt
index e715ae866f..bb68e14a8e 100644
--- a/docs/releases/3.2.11.txt
+++ b/docs/releases/3.2.11.txt
@@ -36,3 +36,12 @@ As a reminder, all untrusted user input should be validated before use.
 
 This issue has severity "low" according to the :ref:`Django security policy
 <security-disclosure>`.
+
+CVE-2021-45452: Potential directory-traversal via ``Storage.save()``
+====================================================================
+
+``Storage.save()`` allowed directory-traversal if directly passed suitably
+crafted file names.
+
+This issue has severity "low" according to the :ref:`Django security policy
+<security-disclosure>`.
author	Florian Apolloner <florian@apolloner.eu>	2021-12-17 21:07:50 +0100
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2022-01-04 10:19:49 +0100
commit	8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (patch)
tree	f3f00f41e92d751a91f61b164e4951e284d920d5 /docs/releases/3.2.11.txt
parent	c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (diff)