Getting Help

el
es
fr
id
it
ja
ko
pl
pt-br
zh-hans
Language: en

3.0
3.1
3.2
4.0
4.2
5.0
5.1
dev
Documentation version: 4.1

Django 3.0.4 release notes¶

March 4, 2020

Django 3.0.4 fixes a security issue and several bugs in 3.0.3.

CVE-2020-9402: Potential SQL injection via `tolerance` parameter in GIS functions and aggregates on Oracle¶

GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.

Bugfixes¶

Fixed a data loss possibility when using caching from async code (#31253).
Fixed a regression in Django 3.0 that caused a file response using a temporary file to be closed incorrectly (#31240).
Fixed a data loss possibility in the select_for_update(). When using related fields or parent link fields with Multi-table inheritance in the of argument, the corresponding models were not locked (#31246).
Fixed a regression in Django 3.0 that caused misplacing parameters in logged SQL queries on Oracle (#31271).
Fixed a regression in Django 3.0.3 that caused misplacing parameters of SQL queries when subtracting DateField or DateTimeField expressions on MySQL (#31312).
Fixed a regression in Django 3.0 that didn’t include subqueries spanning multivalued relations in the GROUP BY clause (#31150).

Django 3.0.5 release notes

Django 3.0.3 release notes

Back to Top

Additional Information

This document is for an insecure version of Django that is no longer supported. Please upgrade to a newer release!