2022-07-04 16:05:55 +08:00
|
|
|
==========================
|
|
|
|
Django 4.0.7 release notes
|
|
|
|
==========================
|
|
|
|
|
2022-07-27 16:03:06 +08:00
|
|
|
*August 3, 2022*
|
2022-07-04 16:05:55 +08:00
|
|
|
|
2022-08-03 14:36:32 +08:00
|
|
|
Django 4.0.7 fixes a security issue with severity "high" in 4.0.6.
|
2022-07-04 16:05:55 +08:00
|
|
|
|
2022-07-20 18:14:45 +08:00
|
|
|
CVE-2022-36359: Potential reflected file download vulnerability in ``FileResponse``
|
|
|
|
===================================================================================
|
|
|
|
|
|
|
|
An application may have been vulnerable to a reflected file download (RFD)
|
|
|
|
attack that sets the Content-Disposition header of a
|
|
|
|
:class:`~django.http.FileResponse` when the ``filename`` was derived from
|
|
|
|
user-supplied input. The ``filename`` is now escaped to avoid this possibility.
|