March 4, 2020
Django 3.0.4 fixes a security issue and several bugs in 3.0.3.
tolerance parameter in GIS functions and aggregates on Oracle¶GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted tolerance.
Fixed a data loss possibility when using caching from async code (#31253).
Fixed a regression in Django 3.0 that caused a file response using a temporary file to be closed incorrectly (#31240).
Fixed a data loss possibility in the
select_for_update(). When using
related fields or parent link fields with Multi-table inheritance in
the of argument, the corresponding models were not locked
(#31246).
Fixed a regression in Django 3.0 that caused misplacing parameters in logged SQL queries on Oracle (#31271).
Fixed a regression in Django 3.0.3 that caused misplacing parameters of SQL
queries when subtracting DateField or DateTimeField expressions on
MySQL (#31312).
Fixed a regression in Django 3.0 that didn’t include subqueries spanning
multivalued relations in the GROUP BY clause (#31150).
Dec 25, 2023