summaryrefslogtreecommitdiff
path: root/docs/releases/2.2.16.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/releases/2.2.16.txt')
-rw-r--r--docs/releases/2.2.16.txt9
1 files changed, 8 insertions, 1 deletions
diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
index f0c3ec894a..f531871d1a 100644
--- a/docs/releases/2.2.16.txt
+++ b/docs/releases/2.2.16.txt
@@ -4,7 +4,7 @@ Django 2.2.16 release notes
*Expected September 1, 2020*
-Django 2.2.16 fixes a security issue and two data loss bugs in 2.2.15.
+Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
======================================================================================
@@ -17,6 +17,13 @@ files and to intermediate-level collected static directories when using the
You should review and manually fix permissions on existing intermediate-level
directories.
+CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
+===============================================================================================================
+
+On Python 3.7+, the intermediate-level directories of the file system cache had
+the system's standard umask rather than ``0o077`` (no group or others
+permissions).
+
Bugfixes
========
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 00:07:50 +0000