December 4, 2024
Django 5.1.4 fixes one security issue with severity « high », one security issue with severity « moderate », and several bugs in 5.1.3.
HasKey(lhs, rhs) on Oracle¶Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs value.
Applications that use the has_key lookup through
the __ syntax are unaffected.
avr. 02, 2025