Django 2.2.28 release notes¶
April 11, 2022
Django 2.2.28 fixes two security issues with severity “high” in 2.2.27.
CVE-2022-28346: Potential SQL injection in
extra() methods were subject to SQL injection in column
aliases, using a suitably crafted dictionary, with dictionary expansion, as the
**kwargs passed to these methods.