source/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2026-02-08 18:39:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
django/tests/aggregation
History
Jake Howard e891a84c7e Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via control characters. 
Control characters in FilteredRelation column aliases could be used for
SQL injection attacks. This affected QuerySet.annotate(), aggregate(),
extra(), values(), values_list(), and alias() when using dictionary
expansion with **kwargs.

Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls,
and Natalia Bidart for reviews.
2026-02-03 07:55:04 -05:00
..
__init__.py
Merged regressiontests and modeltests into the test root.
2013-02-26 14:36:57 +01:00
models.py
Fixed aggregation tests crash on databases that don't support JSONFields.
2025-04-27 09:03:35 +02:00
test_filter_argument.py
Fixed #36751 -- Fixed empty filtered aggregation crash over annotated queryset.
2025-11-24 12:14:38 +01:00
tests.py
Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via control characters.
2026-02-03 07:55:04 -05:00