Note di rilascio di Django 3.2.10

7 Dicembre 2021

Django 3.2.10 fixes a security issue with severity «low» and a bug in 3.2.9.

CVE-2021-44420: Potential bypass of an upstream access control based on URL paths

HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths.

Correzioni di bug

  • Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with BinaryField on PostgreSQL, which is memoryview-backed (#33333).