summaryrefslogtreecommitdiff
path: root/docs/releases/2.2.18.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/releases/2.2.18.txt')
-rw-r--r--docs/releases/2.2.18.txt15
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/releases/2.2.18.txt b/docs/releases/2.2.18.txt
new file mode 100644
index 0000000000..45df4fb83c
--- /dev/null
+++ b/docs/releases/2.2.18.txt
@@ -0,0 +1,15 @@
+===========================
+Django 2.2.18 release notes
+===========================
+
+*February 1, 2021*
+
+Django 2.2.18 fixes a security issue with severity "low" in 2.2.17.
+
+CVE-2021-3281: Potential directory-traversal via ``archive.extract()``
+======================================================================
+
+The ``django.utils.archive.extract()`` function, used by
+:option:`startapp --template` and :option:`startproject --template`, allowed
+directory-traversal via an archive with absolute paths or relative paths with
+dot segments.
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 22:33:23 +0000