Path to this page:
Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2021-03-01 13:44:07
Message id: 20210301124407.98A86FA95@cvs.NetBSD.org
Log Message:
py-django2: updated to 2.2.19
Django 2.2.19 fixes a security issue in 2.2.18.
CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
Django contains a copy of urllib.parse.parse_qsl() which was added to backport \
some security fixes. A further security fix has been issued recently such that \
parse_qsl() no longer allows using ; as a query parameter separator by default. \
Django now includes this fix. See bpo-42967 for further details.
Files: