2020-02-10 15:18:58 +08:00
|
|
|
===========================
|
|
|
|
|
Django 2.2.11 release notes
|
|
|
|
|
===========================
|
|
|
|
|
|
2020-02-24 21:46:28 +08:00
|
|
|
*March 4, 2020*
|
2020-02-10 15:18:58 +08:00
|
|
|
|
2020-02-24 21:46:28 +08:00
|
|
|
Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.
|
|
|
|
|
|
|
|
|
|
CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
|
|
|
|
|
============================================================================================================
|
|
|
|
|
|
|
|
|
|
GIS functions and aggregates on Oracle were subject to SQL injection,
|
|
|
|
|
using a suitably crafted ``tolerance``.
|
2020-02-10 15:18:58 +08:00
|
|
|
|
|
|
|
|
Bugfixes
|
|
|
|
|
========
|
|
|
|
|
|
2020-02-08 12:52:09 +08:00
|
|
|
* Fixed a data loss possibility in the
|
|
|
|
|
:meth:`~django.db.models.query.QuerySet.select_for_update`. When using
|
|
|
|
|
related fields or parent link fields with :ref:`multi-table-inheritance` in
|
|
|
|
|
the ``of`` argument, the corresponding models were not locked
|
|
|
|
|
(:ticket:`31246`).
|
