Django 2.2.11 release notes¶
March 4, 2020
Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.
CVE-2020-9402: Potential SQL injection via tolerance
parameter in GIS functions and aggregates on Oracle¶
GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted tolerance
.
Bugfixes¶
Fixed a data loss possibility in the
select_for_update()
. When using related fields or parent link fields with Multi-table inheritance in theof
argument, the corresponding models were not locked (#31246).