Upgrade Django to 2.0.11

Question

Upgrade Django to 2.0.11

CuriousLearner opened this issue 5 years ago · comments

CVE-2019-6975
moderate severity
Vulnerable versions: >= 2.0.0, < 2.0.11
Patched version: 2.0.11

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

CVE-2019-3498
More information
low severity
Vulnerable versions: >= 2.0.0, < 2.0.10
Patched version: 2.0.10

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Mayank Singhal · Answer 1 · Tue Jul 23 2019 19:42:28 GMT+0800 (China Standard Time)

I'll work on upgrading it to 2.2.3 which is the latest version as of now. I hope that's all right.

Sanyam Khurana · Answer 2 · Tue Jul 23 2019 20:01:01 GMT+0800 (China Standard Time)

Sounds good!