Django 4.0.7 release notes

Donate 来源:Django 浏览 99 扫码分享 2023-12-18 08:40:22

Django 4.0.7 release notes
- CVE-2022-36359: Potential reflected file download vulnerability in FileResponse

Django 4.0.7 release notes

August 3, 2022

Django 4.0.7 fixes a security issue with severity “high” in 4.0.6.

CVE-2022-36359: Potential reflected file download vulnerability in `FileResponse`

An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.

当前内容版权归 Django 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Django .

本文档使用 BookStack 构建

Django 4.0.7 release notes

Django 4.0.7 release notes

CVE-2022-36359: Potential reflected file download vulnerability in FileResponse

CVE-2022-36359: Potential reflected file download vulnerability in `FileResponse`