December 4, 2024
Django 5.1.4 fixes one security issue with severity “high”, one security issue with severity “moderate”, and several bugs in 5.1.3.
HasKey(lhs, rhs)
on Oracle¶Direct usage of the django.db.models.fields.json.HasKey
lookup on Oracle
was subject to SQL injection if untrusted data was used as a lhs
value.
Applications that use the has_key
lookup through
the __
syntax are unaffected.
Mar 04, 2025