Django 3.2.15 release notes

Donate 来源:Django 浏览 134 扫码分享 2023-12-18 08:40:35

Django 3.2.15 release notes
- CVE-2022-36359: Potential reflected file download vulnerability in FileResponse

Django 3.2.15 release notes

August 3, 2022

Django 3.2.15 fixes a security issue with severity “high” in 3.2.14.

CVE-2022-36359: Potential reflected file download vulnerability in `FileResponse`

An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.

当前内容版权归 Django 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Django .

本文档使用 BookStack 构建

Django 3.2.15 release notes

Django 3.2.15 release notes

CVE-2022-36359: Potential reflected file download vulnerability in FileResponse

CVE-2022-36359: Potential reflected file download vulnerability in `FileResponse`