February 1, 2022
Django 3.2.12 fixes two security issues with severity „medium” in 3.2.11.
{% debug %} template tag¶The {% debug %} template tag didn’t properly encode the current context,
posing an XSS attack vector.
In order to avoid this vulnerability, {% debug %} no longer outputs
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.
Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
sie 06, 2024