[ubuntu/mantic-proposed] python-django 3:3.2.19-1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Thu May 4 06:58:03 UTC 2023
python-django (3:3.2.19-1) unstable; urgency=medium
* New upstream security release.
* CVE-2023-31047: Prevent a potential bypass of validation when uploading
multiple files using one form field.
Uploading multiple files using one form field has never been supported by
forms.FileField or forms.ImageField as only the last uploaded file was
validated. Unfortunately, Uploading multiple files topic suggested
otherwise. In order to avoid the vulnerability, the ClearableFileInput and
FileInput form widgets now raise ValueError when the multiple HTML
attribute is set on them. To prevent the exception and keep the old
behavior, set the allow_multiple_selected attribute to True.
For more details on using the new attribute and handling of multiple files
through a single field, see:
<https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files>
(Closes: #1035467)
* Bump Standards-Version to 4.6.2.
Date: 2023-05-03 22:35:12.617462+00:00
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/python-django/3:3.2.19-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list