Django 3.2.12 release notes

Donate 来源:Django 浏览 119 扫码分享 2023-12-18 08:40:37

Django 3.2.12 release notes
- CVE-2022-22818: Possible XSS via {% debug %} template tag
- CVE-2022-23833: Denial-of-service possibility in file uploads

Django 3.2.12 release notes

February 1, 2022

Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.

CVE-2022-22818: Possible XSS via `{% debug %}` template tag

The {% debug %} template tag didn’t properly encode the current context, posing an XSS attack vector.

In order to avoid this vulnerability, {% debug %} no longer outputs information when the DEBUG setting is False, and it ensures all context variables are correctly escaped when the DEBUG setting is True.

CVE-2022-23833: Denial-of-service possibility in file uploads

Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

当前内容版权归 Django 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Django .

本文档使用 BookStack 构建

Django 3.2.12 release notes

Django 3.2.12 release notes

CVE-2022-22818: Possible XSS via {% debug %} template tag

CVE-2022-23833: Denial-of-service possibility in file uploads

CVE-2022-22818: Possible XSS via `{% debug %}` template tag