Tests failing with Django >=3.2.1

Question

Tests failing with Django >=3.2.1

Stormheg opened this issue 3 years ago · comments

Django >=3.1.9 and >=2.2.21 are also affected.

Some tests fail with the following error:

raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
django.core.exceptions.SuspiciousFileOperation: File name 'original_images/wagtail.jpg' includes path elements

This appears to be related to a fix for a recent security defect in Django (CVE-2021-31542: Potential directory-traversal via uploaded files).
See https://www.djangoproject.com/weblog/2021/may/04/security-releases/

A ticket has been opened on Django's issue tracker: https://code.djangoproject.com/ticket/32718

Tim L. White · Answer 1 · Thu May 06 2021 21:40:24 GMT+0800 (China Standard Time)

This is happening for us at The Motley Fool as well.

Storm Heg · Answer 2 · Mon May 10 2021 15:27:27 GMT+0800 (China Standard Time)

The Django team is working on a patch that should resolve the issue: https://code.djangoproject.com/ticket/32718#comment:29

Storm Heg · Answer 3 · Thu May 13 2021 18:19:39 GMT+0800 (China Standard Time)

The Django team has released bug fix releases 3.2.3, 3.1.11, and 2.2.23 that have fixed the SuspiciousFileOperation bug.
https://www.djangoproject.com/weblog/2021/may/13/bugfix-releases/

Going to close this issue now.