Re: [django-announce] Django security releases issued: 3.2.1, 3.1.9 and 2.2.21

Hi all, We took an defense-in-depth approach which seemed fined with our test suite. But it turns out, there are cases that weren't covered by tests which caused a regression in a few specific cases. This is tracked in https://code.djangoproject.com/ticket/32718 Cheers, Markus On Fri, May 7,

Re: [django-announce] Django security releases issued: 3.2.1, 3.1.9 and 2.2.21

It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be rejected." But it's stricter than that: any path component causes the path to be rejected: > if name != os.path.basename(name): >     raise Suspiciou

Django security releases issued: 3.2.1, 3.1.9 and 2.2.21

Details are available on the Django project weblog: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To un