From 7f20e89453711dde13bd8e95116811812c65acc3 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Tue, 7 Dec 2021 08:51:26 +0100 Subject: [PATCH] [4.0.x] Added CVE-2021-44420 to security archive. Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main --- docs/releases/security.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index a59c6a145d..30f708388a 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,20 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +December 7, 2021 - :cve:`2021-44420` +------------------------------------ + +Potential bypass of an upstream access control based on URL paths. `Full +description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.2 :commit:`(patch) <333c65603032c377e682cdbd7388657a5463a05a>` +* Django 3.1 :commit:`(patch) <22bd17488159601bf0741b70ae7932bffea8eced>` +* Django 2.2 :commit:`(patch) <7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7>` + July 1, 2021 - :cve:`2021-35042` --------------------------------