December 4, 2024
Django 5.0.10 fixes one security issue with severity « high » and one security issue with severity « moderate » in 5.0.9.
HasKey(lhs, rhs) on Oracle¶Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs value.
Applications that use the has_key lookup through
the __ syntax are unaffected.
avr. 02, 2025