innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
django1/docs/releases/3.1.6.txt

22 lines
689 B
Plaintext
Raw Normal View History

Added stub release notes for 3.1.6.
2021-01-04 15:58:03 +08:00
==========================
Django 3.1.6 release notes
==========================
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews. Thanks Wang Baohua for the report.
2021-01-22 19:23:18 +08:00
*February 1, 2021*
Added stub release notes for 3.1.6.
2021-01-04 15:58:03 +08:00
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews. Thanks Wang Baohua for the report.
2021-01-22 19:23:18 +08:00
Django 3.1.6 fixes a security issue with severity "low" and a bug in 3.1.5.
CVE-2021-3281: Potential directory-traversal via ``archive.extract()``
======================================================================
The ``django.utils.archive.extract()`` function, used by
:option:`startapp --template` and :option:`startproject --template`, allowed
directory-traversal via an archive with absolute paths or relative paths with
dot segments.
Added stub release notes for 3.1.6.
2021-01-04 15:58:03 +08:00
Bugfixes
========
Fixed #32391 -- Used CSS flex properties for changelist filter. Matched layout adjustment using flex from admin sidebar added in d24ba1be7a53a113d19e2860c03aff9922efec24. Filters would become squashed when viewport was constrained or list display table became too wide.
2021-01-28 17:29:46 +08:00
* Fixed an admin layout issue in Django 3.1 where changelist filter controls
would become squashed (:ticket:`32391`).