Note di rilascio di Django 3.1.6¶
1 Febbraio 2021
Django 3.1.6 fixes a security issue with severity «low» and a bug in 3.1.5.
CVE-2021-3281: Potential directory-traversal via archive.extract()¶
The django.utils.archive.extract() function, used by
startapp --template and startproject --template, allowed
directory-traversal via an archive with absolute paths or relative paths with
dot segments.
Correzioni di bug¶
Fixed an admin layout issue in Django 3.1 where changelist filter controls would become squashed (#32391).
