| author | Dan Palmer <dan@danpalmer.me> | 2020-05-20 11:45:31 +0200 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2020-06-03 09:34:29 +0200 |
| commit | 07e59caa02831c4569bbebb9eb773bdd9cb4b206 (patch) | |
| tree | b1725081dd77ed3a4ae82e2b4b9cc0e81f5b4e3a /docs | |
| parent | 6d61860b22875f358fac83d903dc629897934815 (diff) | |
[2.2.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/2.2.13.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/releases/2.2.13.txt b/docs/releases/2.2.13.txt index ee381fdcce..3e455e7b4a 100644 --- a/docs/releases/2.2.13.txt +++ b/docs/releases/2.2.13.txt @@ -6,6 +6,14 @@ Django 2.2.13 release notes Django 2.2.13 fixes two security issues and a regression in 2.2.12. +CVE-2020-13254: Potential data leakage via malformed memcached keys +=================================================================== + +In cases where a memcached backend does not perform key validation, passing +malformed cache keys could result in a key collision, and potential data +leakage. In order to avoid this vulnerability, key validation is added to the +memcached cache backends. + CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget`` ================================================================ |
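Review bot: The new CVE-2020-13254 paragraph in docs/releases/2.2.13.txt says "key validation is added to the memcached cache backends" but does not tell readers what counts as a malformed key or what a caller will now observe when a key fails validation. Upgraders who pass user-influenced strings into cache keys need that to judge whether the patch release changes behaviour for them. Consider adding one sentence describing the outcome of a failed validation and a cross-reference to the cache key documentation. The opening clause "In cases where a memcached backend does not perform key validation" could also say whether that means the backends shipped with Django, the underlying client libraries, or third-party backends, since the fix described covers only "the memcached cache backends".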
