Django

The web framework for perfectionists with deadlines.

Getting Help

el
en
es
id
it
ja
ko
pl
pt-br
sv
zh-hans
Langue : fr

5.2
dev
Version de la documentation : 6.0

Django 5.2.6 release notes¶

September 3, 2025

Django 5.2.6 fixes a security issue with severity « high » and one bug in 5.2.5.

CVE-2025-57833: Potential SQL injection in `FilteredRelation` column aliases¶

FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias().

Correction de bogues¶

Fixed a bug where using QuerySet.values() or values_list() with a ForeignObject composed of multiple fields returned incorrect results instead of tuples of the referenced fields (#36431).

Back to Top