16 lines
470 B
Plaintext
16 lines
470 B
Plaintext
===========================
|
|
Django 3.0.14 release notes
|
|
===========================
|
|
|
|
*April 6, 2021*
|
|
|
|
Django 3.0.14 fixes a security issue with severity "low" in 3.0.13.
|
|
|
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
|
================================================================
|
|
|
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
|
suitably crafted file names.
|
|
|
|
Built-in upload handlers were not affected by this vulnerability.
|