Django 4.2.8 documentation

Home | Table of contents | Index | Modules

« previous | up | next »

Django 3.1.7 release notes¶

February 19, 2021

Django 3.1.7 fixes a security issue and a bug in 3.1.6.

CVE-2021-23336: Web cache poisoning via `django.utils.http.limited_parse_qsl()`¶

Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. Django now includes this fix. See bpo-42967 for further details.

Bugfixes¶

Fixed a regression in Django 3.1 that caused RuntimeError instead of connection errors when using only the 'postgres' database (#32403).

« previous | up | next »

Django 4.2.8 documentation

Django 3.1.7 release notes¶

CVE-2021-23336: Web cache poisoning via `django.utils.http.limited_parse_qsl()`¶

Bugfixes¶

Table of Contents

Previous topic

Next topic

This Page

Last update:

Django 4.2.8 documentation

Django 3.1.7 release notes¶

CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()¶

Bugfixes¶

Last update:

CVE-2021-23336: Web cache poisoning via `django.utils.http.limited_parse_qsl()`¶