From d8b2ccbbb846328a0938347dc70cb2e603164d9a Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Mon, 3 Feb 2020 10:11:34 +0100 Subject: [PATCH] Added CVE-2020-7471 to security archive. --- docs/releases/security.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 6e0c29223d..76991cb23a 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1055,3 +1055,16 @@ Versions affected * Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>` * Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>` * Django 1.11 :commit:`(patch) ` + +February 3, 2020 - :cve:`2020-7471` +----------------------------------- + +Potential SQL injection via ``StringAgg(delimiter)``. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.0 :commit:`(patch) <505826b469b16ab36693360da9e11fd13213421b>` +* Django 2.2 :commit:`(patch) ` +* Django 1.11 :commit:`(patch) <001b0634cd309e372edb6d7d95d083d02b8e37bd>`