2021-02-26 03:27:10 +08:00
|
|
|
==========================
|
|
|
|
|
Django 3.1.8 release notes
|
|
|
|
|
==========================
|
|
|
|
|
|
2021-03-16 17:19:00 +08:00
|
|
|
*April 6, 2021*
|
2021-02-26 03:27:10 +08:00
|
|
|
|
2021-03-16 17:19:00 +08:00
|
|
|
Django 3.1.8 fixes a security issue with severity "low" and a bug in 3.1.7.
|
|
|
|
|
|
|
|
|
|
CVE-2021-28658: Potential directory-traversal via uploaded files
|
|
|
|
|
================================================================
|
|
|
|
|
|
|
|
|
|
``MultiPartParser`` allowed directory-traversal via uploaded files with
|
|
|
|
|
suitably crafted file names.
|
|
|
|
|
|
|
|
|
|
Built-in upload handlers were not affected by this vulnerability.
|
2021-02-26 03:27:10 +08:00
|
|
|
|
|
|
|
|
Bugfixes
|
|
|
|
|
========
|
|
|
|
|
|
2021-03-17 19:28:04 +08:00
|
|
|
* Fixed a bug in Django 3.1 where the output was hidden on a test error or
|
|
|
|
|
failure when using :option:`test --pdb` with the
|
|
|
|
|
:option:`--buffer <test --buffer>` option (:ticket:`32560`).
|
