Added CVE-2020-7471 to security archive.

author: Carlton Gibson <carlton.gibson@noumenal.es> 2020-02-03 10:11:34 +0100
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2020-02-03 10:11:34 +0100
commit: d8b2ccbbb846328a0938347dc70cb2e603164d9a (patch)
tree: 297fa79c8e7833cd8c4ed6d6568e1e6c6a270e0b /docs/releases/security.txt
parent: 1a2600d8dfe86eb0fd0952a8c86107ab20323847 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 6e0c29223d..76991cb23a 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -1055,3 +1055,16 @@ Versions affected
 * Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>`
 * Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>`
 * Django 1.11 :commit:`(patch) <f4cff43bf921fcea6a29b726eb66767f67753fa2>`
+
+February 3, 2020 - :cve:`2020-7471`
+-----------------------------------
+
+Potential SQL injection via ``StringAgg(delimiter)``. `Full description
+<https://www.djangoproject.com/weblog/2020/feb/03/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.0 :commit:`(patch) <505826b469b16ab36693360da9e11fd13213421b>`
+* Django 2.2 :commit:`(patch) <c67a368c16e4680b324b4f385398d638db4d8147>`
+* Django 1.11 :commit:`(patch) <001b0634cd309e372edb6d7d95d083d02b8e37bd>`
author	Carlton Gibson <carlton.gibson@noumenal.es>	2020-02-03 10:11:34 +0100
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2020-02-03 10:11:34 +0100
commit	d8b2ccbbb846328a0938347dc70cb2e603164d9a (patch)
tree	297fa79c8e7833cd8c4ed6d6568e1e6c6a270e0b /docs/releases/security.txt
parent	1a2600d8dfe86eb0fd0952a8c86107ab20323847 (diff)