December 4, 2024
Django 5.0.10 fixes one security issue with severity « high » and one security issue with severity « moderate » in 5.0.9.
HasKey(lhs, rhs)
on Oracle¶Direct usage of the django.db.models.fields.json.HasKey
lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs
value.
Applications that use the has_key
lookup through
the __
syntax are unaffected.
avr. 05, 2025