February 3, 2020
Django 3.0.3 fixes a security issue and several bugs in 3.0.2.
StringAgg(delimiter)
¶StringAgg
aggregation function was
subject to SQL injection, using a suitably crafted delimiter
.
DateField
, DateTimeField
, or TimeField
from a Subquery()
annotation (#31133).QuerySet.values()
and
values_list()
crashed if a queryset contained an aggregation and
Exists()
annotation (#31136).LANGUAGE_CODE
setting, when a base language is available in
Django but the sublanguage is not (#31141).TextChoices
,
IntegerChoices
, and Choices
in templates (#31154).max_length
attribute fits the longest
choice, when a named group contains only non-string values (#31155).ArrayAgg
and
StringAgg
with filter
argument when used in a Subquery
(#31097).get_FOO_display()
to work incorrectly when
overriding inherited choices (#31124).QuerySet.prefetch_related()
for GenericForeignKey
with a custom
ContentType
foreign key (#31190).Jul 27, 2022