February 3, 2020
Django 3.0.3 fixes a security issue and several bugs in 3.0.2.
StringAgg(delimiter)¶StringAgg aggregation function was
subject to SQL injection, using a suitably crafted delimiter.
DateField, DateTimeField, or TimeField from a Subquery()
annotation (#31133).QuerySet.values() and
values_list() crashed if a queryset contained an aggregation and
Exists() annotation (#31136).LANGUAGE_CODE setting, when a base language is available in
Django but the sublanguage is not (#31141).TextChoices,
IntegerChoices, and Choices in templates (#31154).max_length attribute fits the longest
choice, when a named group contains only non-string values (#31155).ArrayAgg and
StringAgg with filter
argument when used in a Subquery (#31097).get_FOO_display() to work incorrectly when
overriding inherited choices (#31124).QuerySet.prefetch_related() for GenericForeignKey with a custom
ContentType foreign key (#31190).sie 03, 2022