28355e20fe
Fixes the following security issues: CVE-2021-3281: Potential directory-traversal via archive.extract() The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments. For details, see the advisory: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/ Additionally, 3.0.11 fixed a regression: https://docs.djangoproject.com/en/3.1/releases/3.0.11/ Update indentation in hash file (two spaces). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| python-django.hash | ||
| python-django.mk | ||