[5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. - django.git

diff options

author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2025-09-10 09:53:52 +0200
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-01 08:24:18 -0400
commit	52fbae0a4dbbe5faa59827f8f05694a0065cc135 (patch)
tree	ff699ccf99b28a8319387ecf8fcc10cebf2dbd43 /tests/utils_tests/test_archive.py
parent	1794cbf961f9ea54715fb094fe8adc80a5054947 (diff)

[5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.

Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.

Diffstat (limited to 'tests/utils_tests/test_archive.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: