forked from django/django
=============================
Django 1.6.11.9 release notes
=============================

*June 3, 2020*

Django 1.6.11.9 fixes a security issue in 1.6.x. It contains backports of
changes from Django 2.2.13.

CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
================================================================

Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
ensures query parameters are correctly URL encoded.

CVE-2020-13254: Potential data leakage via malformed memcached keys
===================================================================

In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to the
memcached cache backends.
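
The key validation described above, as an added example that is not Django's backend code: a validator using memcached's key limits (at most 250 bytes, no whitespace or control characters), next to a simplified model of the text protocol that shows why a key containing a space collides with a shorter key. The function names, the exception class and the sample keys are constructed for illustration.

```python
# Added illustration; not Django's implementation.
MEMCACHED_MAX_KEY_LENGTH = 250  # memcached's key length limit, in bytes


class InvalidCacheKey(ValueError):
    """Raised for keys memcached cannot store unambiguously (hypothetical name)."""


def validate_memcached_key(key):
    """Reject empty or oversized keys and keys with whitespace/control characters."""
    raw = key.encode("utf-8")
    if not raw:
        raise InvalidCacheKey("empty cache key")
    if len(raw) > MEMCACHED_MAX_KEY_LENGTH:
        raise InvalidCacheKey("cache key longer than %d bytes" % MEMCACHED_MAX_KEY_LENGTH)
    for byte in raw:
        # Bytes 0-32 are control characters and space; 127 is DEL.
        if byte < 33 or byte == 127:
            raise InvalidCacheKey("whitespace or control character in key %r" % key)
    return key


def key_seen_by_text_protocol(key):
    """Simplified model of the text protocol: the server reads the key as the
    first whitespace-delimited token after the command name."""
    return ("get " + key + "\r\n").split()[1]


def safe_key(key):
    """Validate first, then return the key that would go on the wire."""
    return key_seen_by_text_protocol(validate_memcached_key(key))


if __name__ == "__main__":
    # Constructed sample keys: one well-formed, two malformed.
    for candidate in ("session:alice", "session:alice extra", "session:alice\r\nx"):
        try:
            print(repr(candidate), "->", safe_key(candidate))
        except InvalidCacheKey as exc:
            print(repr(candidate), "rejected:", exc)
```

Without the validation step, the second and third sample keys resolve to the same entry as ``session:alice`` in this model, which is the collision the advisory describes.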