July 1, 2021
Django 3.2.5 では、 3.2.4 における深刻度 "high" のセキュリティの問題1件と、いくつかのバグを修正しました。また、 Transifex からの最新の文字列翻訳が反映されました。
QuerySet.order_by() input¶Unsanitized user input passed to QuerySet.order_by() could bypass intended
column reference validation in path marked for deprecation resulting in a
potential SQL injection even if a deprecation warning is emitted.
As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1 as a side effect of fixing #31426.
The issue is not present in the main branch as the deprecated path has been removed.
Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(…, named=True) after prefetch_related()
(#32812).
Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when
altering BinaryField, JSONField, or TextField to non-nullable
(#32503).
Fixed a regression in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when adding nullable BinaryField, JSONField, or TextField
with a default value (#32832).
Fixed a bug in Django 3.2 where a system check would crash on a model with an
invalid app_label (#32863).
12月 03, 2025