December 4, 2024
Django 4.2.17 fixes one security issue with severity "high" and one security issue with severity "moderate" in 4.2.16.
HasKey(lhs, rhs) on Oracle¶Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs value.
Applications that use the has_key lookup through
the __ syntax are unaffected.
7月 02, 2025