From 69dfc6e61acc799f76009d56227501a6eba1e84d Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Tue, 1 Feb 2022 08:17:25 +0100 Subject: [PATCH] [4.0.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main --- docs/releases/security.txt | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 37cc2b36e0..45ee878c36 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,32 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +February 1, 2022 - :cve:`2022-22818` +------------------------------------ + +Possible XSS via ``{% debug %}`` template tag. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 4.0 :commit:`(patch) <01422046065d2b51f8f613409cad2c81b39487e5>` +* Django 3.2 :commit:`(patch) <1a1e8278c46418bde24c86a65443b0674bae65e2>` +* Django 2.2 :commit:`(patch) ` + +February 1, 2022 - :cve:`2022-23833` +------------------------------------ + +Denial-of-service possibility in file uploads. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 4.0 :commit:`(patch) ` +* Django 3.2 :commit:`(patch) ` +* Django 2.2 :commit:`(patch) ` + January 4, 2022 - :cve:`2021-45452` ------------------------------------