Django 2.2.11 release notes¶

March 4, 2020

Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.

CVE-2020-9402: Potential SQL injection via `tolerance` parameter in GIS functions and aggregates on Oracle¶

GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.

Fixed a data loss possibility in the select_for_update(). When using related fields or parent link fields with Multi-table inheritance in the of argument, the corresponding models were not locked (#31246).