You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thank you very much for your work and effort.
I was wondering if it would be possible to cherry-pick the following commit (from this PR) to the version 3.14. It is a fairly simple fix for a potential security risk (reported by dependabot, moderate severity 6.1/10):
Cross-site Scripting in djangorestframework
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.
With version 3.15, significant design changes have been introduced that require considerable time to update. So cherry-picking this commit to address this potential security issue would help many projects by giving them more time to update smoothly.
I’d like to take the opportunity to point out that version 3.15.2 does not appear in the release list with its changelog, but it is available on Pypi.
The text was updated successfully, but these errors were encountered:
Hello,
First of all, thank you very much for your work and effort.
I was wondering if it would be possible to cherry-pick the following commit (from this PR) to the version 3.14. It is a fairly simple fix for a potential security risk (reported by dependabot, moderate severity 6.1/10):
With version 3.15, significant design changes have been introduced that require considerable time to update. So cherry-picking this commit to address this potential security issue would help many projects by giving them more time to update smoothly.
I’d like to take the opportunity to point out that version 3.15.2 does not appear in the release list with its changelog, but it is available on Pypi.
The text was updated successfully, but these errors were encountered: