Mariusz Felisiak 2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. ...

Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.

Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.

2022-04-11 09:12:06 +02:00

..

__init__.py

Merged regressiontests and modeltests into the test root.

2013-02-26 14:36:57 +01:00

models.py

[3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.

2021-06-01 15:13:10 +02:00

test_deprecation.py

Refs #30158 -- Added alias argument to Expression.get_group_by_cols().

2019-03-21 18:47:46 -04:00

test_queryset_values.py

[3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

2022-04-11 09:12:06 +02:00

tests.py

[3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.

2021-06-01 15:13:10 +02:00