source/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2026-02-09 02:49:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
stable/5.2.x
django/tests/expressions
History
Jake Howard 3e68ccdc11 [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via control characters. 
Control characters in FilteredRelation column aliases could be used for
SQL injection attacks. This affected QuerySet.annotate(), aggregate(),
extra(), values(), values_list(), and alias() when using dictionary
expansion with **kwargs.

Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls,
and Natalia Bidart for reviews.

Backport of e891a84c7e from main.
2026-02-03 08:17:34 -05:00
..
__init__.py
Merged regressiontests and modeltests into the test root.
2013-02-26 14:36:57 +01:00
models.py
Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
2024-08-06 08:50:08 +02:00
test_queryset_values.py
[5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via control characters.
2026-02-03 08:17:34 -05:00
tests.py
[5.2.x] Fixed #36751 -- Fixed empty filtered aggregation crash over annotated queryset.
2025-11-24 12:15:48 +01:00