Django 3.1.6 release notes¶

February 1, 2021

Django 3.1.6 fixes a security issue with severity “low” and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via `archive.extract()`¶

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.

Bugfixes¶

Fixed an admin layout issue in Django 3.1 where changelist filter controls would become squashed (#32391).

Django 3.1.7 release notes

Django 3.1.5 release notes

Django 3.1.6 release notes
- CVE-2021-3281: Potential directory-traversal via archive.extract()
- Bugfixes

Browse

FAQ: Try the FAQ — it's got answers to many common questions.
Index, Module Index, or Table of Contents: Handy when looking for specific information.
django-users mailing list: Search for information in the archives of the django-users mailing list, or post a question.
#django IRC channel: Ask a question in the #django IRC channel, or search the IRC logs to see if it’s been asked before.
Django Discord Server: Join the Django Discord Community.
Official Django Forum: Join the community on the Django Forum.
Ticket tracker: Report bugs with Django or Django documentation in our ticket tracker.

Download:

Offline (Django 4.2): HTML | PDF | ePub
Provided by Read the Docs.

Documentation

Django 3.1.6 release notes¶

CVE-2021-3281: Potential directory-traversal via `archive.extract()`¶

Bugfixes¶

Additional Information

Support Django!

Contents

Browse

You are here:

Getting help

Download:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us

Documentation

Django 3.1.6 release notes¶

CVE-2021-3281: Potential directory-traversal via archive.extract()¶

Bugfixes¶

Additional Information

Support Django!

Contents

Browse

You are here:

Getting help

Download:

CVE-2021-3281: Potential directory-traversal via `archive.extract()`¶