Note di rilascio di Django 4.0.7

3 Agosto 2022

Django 4.0.7 fixes a security issue with severity «high» in 4.0.6.

CVE-2022-36359: Potential reflected file download vulnerability in FileResponse

An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.