December 4, 2024
Django 5.1.4 fixes one security issue with severity "high", one security issue with severity "moderate", and several bugs in 5.1.3.
HasKey(lhs, rhs) on Oracle

Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle was subject to SQL injection if untrusted data was used as a lhs value. Applications that use the has_key lookup through the __ syntax are unaffected.
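An added example, not taken from the release notes or from Django's own code: a static check built on Python's ast module that lists direct HasKey(...) calls in a source file so that the origin of each lhs argument can be reviewed. The sample module and the names Item, untrusted_expression and find_direct_haskey_calls are constructed for illustration.

```python
import ast

JSON_MODULE = "django.db.models.fields.json"

# Constructed sample module; Item and untrusted_expression are hypothetical names.
SAMPLE = '''
from django.db.models.fields.json import HasKey as HK
from django.db.models.fields import json as djjson

def search(request):
    lhs = untrusted_expression(request)
    a = Item.objects.filter(HK(lhs, "name"))
    b = Item.objects.filter(djjson.HasKey(lhs=lhs, rhs="name"))
    c = Item.objects.filter(data__has_key="name")
    return a, b, c
'''

def find_direct_haskey_calls(source):
    """Return sorted [(line, lhs_source)] for every direct HasKey(...) call."""
    tree = ast.parse(source)
    class_names, module_names = set(), set()
    # Pass 1: record the local names bound to HasKey or to its module.
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                local = alias.asname or alias.name
                if node.module == JSON_MODULE and alias.name == "HasKey":
                    class_names.add(local)
                elif node.module == "django.db.models.fields" and alias.name == "json":
                    module_names.add(local)
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == JSON_MODULE:
                    module_names.add(alias.asname or alias.name)
    # Pass 2: collect calls made through those names.
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        by_name = isinstance(func, ast.Name) and func.id in class_names
        by_attr = (isinstance(func, ast.Attribute) and func.attr == "HasKey"
                   and ast.unparse(func.value) in module_names)
        if by_name or by_attr:
            lhs = node.args[0] if node.args else next(
                (kw.value for kw in node.keywords if kw.arg == "lhs"), None)
            hits.append((node.lineno, ast.unparse(lhs) if lhs is not None else "?"))
    return sorted(hits)

if __name__ == "__main__":
    for line, lhs in find_direct_haskey_calls(SAMPLE):
        print(f"line {line}: direct HasKey call, review lhs={lhs}")
```

Lookups written with the __ syntax, such as data__has_key in the sample, are not reported, in line with the statement above that they are unaffected.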
Apr. 05, 2025