February 3, 2020
Django 3.0.3 fixes a security issue and several bugs in 3.0.2.
StringAgg(delimiter)
¶StringAgg
aggregation function was
subject to SQL injection, using a suitably crafted delimiter
.
DateField
, DateTimeField
, or TimeField
from a Subquery()
annotation (#%s31133).QuerySet.values()
and
values_list()
crashed if a queryset contained an aggregation and
Exists()
annotation (#%s31136).LANGUAGE_CODE
setting, when a base language is available in
Django but the sublanguage is not (#%s31141).TextChoices
,
IntegerChoices
, and Choices
in templates (#%s31154).max_length
attribute fits the longest
choice, when a named group contains only non-string values (#%s31155).ArrayAgg
and
StringAgg
with filter
argument when used in a Subquery
(#%s31097).get_FOO_display()
to work incorrectly when
overriding inherited choices (#%s31124).QuerySet.prefetch_related()
for GenericForeignKey
with a custom
ContentType
foreign key (#%s31190).Sep 26, 2023