Overview All releases

Version History

5.0.4 5.0.3 5.0.2 5.0.1 5.0 5.0-rc1 5.0-b1 5.0-a1

4.2.11 4.2.10 4.2.9 4.2.8 4.2.7 4.2.6 4.2.5 4.2.4 4.2.3 4.2.2 4.2.1 4.2

4.2-rc1

4.2-b1

4.2-a1

4.1.13 4.1.12 4.1.11 4.1.10 4.1.9 4.1.8 4.1.7 4.1.6 4.1.5 4.1.4 4.1.3 4.1.2 4.1.1 4.1

4.1-rc1

4.1-b1

4.1-a1

4.0.10 4.0.9 4.0.8 4.0.7 4.0.6 4.0.5 4.0.4 4.0.3 4.0.2 4.0.1

4.0

4.0-rc1

4.0-b1

4.0-a1

3.2.25 3.2.24 3.2.23 3.2.22 3.2.21 3.2.20 3.2.19 3.2.18 3.2.17 3.2.16 3.2.15 3.2.14 3.2.13 3.2.12 3.2.11

3.2.10

3.2.9

3.2.8

3.2.7

3.2.6

3.2.5

3.2.4

3.2.3

3.2.2

3.2.1

3.2

3.2-rc1

3.2-b1

3.2-a1

3.1.14

3.1.13

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1

3.1-rc1

3.1-b1

3.1-a1

3.0.14

3.0.13

3.0.12

3.0.11

3.0.10

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

3.0.2

3.0.1

3.0

3.0-rc1

3.0-b1

3.0-a1

2.2.28

2.2.27

2.2.26

2.2.25

2.2.24

2.2.23

2.2.22

2.2.21

2.2.20

2.2.19

2.2.18

2.2.17

2.2.16

2.2.15

2.2.14

2.2.13

2.2.12

2.2.11

2.2.10

2.2.9

2.2.8

2.2.7

2.2.6

2.2.5

2.2.4

2.2.3

2.2.2

2.2.1

2.2

2.2-rc1

2.2-b1

2.2-a1

2.1.15

2.1.14

2.1.13

2.1.12

2.1.11

2.1.10

2.1.9

2.1.8

2.1.7

2.1.6

2.1.5

2.1.4

2.1.3

2.1.2

2.1.1

2.1

2.1-rc1

2.1-b1

2.1-a1

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0

2.0-rc1

2.0-b1

2.0-a1

1.11.29

1.11.28

1.11.27

1.11.26

1.11.25

1.11.24

1.11.23

1.11.22

1.11.21

1.11.20

1.11.19

1.11.18

1.11.17

1.11.16

1.11.15

1.11.14

1.11.13

1.11.12

1.11.11

1.11.10

1.11.9

1.11.8

1.11.7

1.11.6

1.11.5

1.11.4

1.11.3

1.11.2

1.11.1

1.11

1.11-rc1

1.11-b1

1.11-a1

1.10.8

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10

1.10-rc1

1.10-b1

1.10-a1

1.9.13

1.9.12

1.9.11

1.9.10

1.9.9

1.9.8

1.9.7

1.9.6

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9

1.9-rc2

1.9-rc1

1.9-b1

1.9-a1

1.8.19

1.8.18

1.8.17

1.8.16

1.8.15

1.8.14

1.8.13

1.8.12

1.8.11

1.8.10

1.8.9

1.8.8

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.2

1.8.1

1.8

1.8-c1

1.8-b2

1.8-b1

1.8-a1

1.7.11

1.7.10

1.7.9

1.7.8

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7

1.7-c3

1.7-c2

1.7-c1

1.7-b4

1.7-b3

1.7-b2

1.7-b1

1.7-a2

1.7-a1

1.6.11

1.6.10

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6

1.6-c1

1.6-b4

1.6-b3

1.6-b2

1.6-b1

1.6-a1

1.5.12

1.5.11

1.5.10

1.5.9

1.5.8

1.5.7

1.5.6

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5

1.5-c2

1.5-c1

1.5-b2

1.5-b1

1.5-a1

1.4.22

1.4.21

1.4.20

1.4.19

1.4.18

1.4.17

1.4.16

1.4.15

1.4.14

1.4.13

1.4.12

1.4.11

1.4.10

1.4.9

1.4.8

1.4.7

1.4.6

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2

1.1.4

1.1.3

1.1.2

1.1.1

1.1

1.0.4

1.0.3

1.0.2

1.0.1

1.0

Django - 2.2.27

Security

Django 2.2.27 release notes

February 1, 2022

Django 2.2.27 fixes two security issues with severity “medium” in 2.2.26.

CVE-2022-22818: Possible XSS via `{% debug %}` template tag

The {% debug %} template tag didn’t properly encode the current context,
posing an XSS attack vector.

In order to avoid this vulnerability, {% debug %} no longer outputs an
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.

CVE-2022-23833: Denial-of-service possibility in file uploads

Passing certain inputs to multipart forms could result in an infinite loop when
parsing files.

Security

Details

date

Feb. 1, 2022, 7:07 a.m.

type

Patch

official page

https://docs.djangoproject.com/en/4.0/releases/2.2.27/

👇

🔍View and search all Django releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity

Django 2.2.27 release notes

CVE-2022-22818: Possible XSS via {% debug %} template tag

CVE-2022-23833: Denial-of-service possibility in file uploads

Security

Details

CVE-2022-22818: Possible XSS via `{% debug %}` template tag