django/docs/releases/3.0.14.txt

===========================
Django 3.0.14 release notes
===========================

*April 6, 2021*

Django 3.0.14 fixes a security issue with severity "low" in 3.0.13.

CVE-2021-28658: Potential directory-traversal via uploaded files
================================================================

``MultiPartParser`` allowed directory-traversal via uploaded files with
suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. 2021-03-16 17:19:00 +08:00			`===========================`
			`Django 3.0.14 release notes`
			`===========================`

			`April 6, 2021`

			`Django 3.0.14 fixes a security issue with severity "low" in 3.0.13.`

			`CVE-2021-28658: Potential directory-traversal via uploaded files`
			`================================================================`

			``MultiPartParser`` allowed directory-traversal via uploaded files with
			`suitably crafted file names.`

			`Built-in upload handlers were not affected by this vulnerability.`