Django 5.1.4 release notes¶
December 4, 2024
Django 5.1.4 fixes one security issue with severity “high”, one security issue with severity “moderate”, and several bugs in 5.1.3.
CVE-2024-53908: Potential SQL injection via HasKey(lhs, rhs)
on Oracle¶
Direct usage of the django.db.models.fields.json.HasKey
lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs
value.
Applications that use the has_key
lookup through
the __
syntax are unaffected.