SQL Injection vulnerability fixed by Django in its latest releases
As per the reports of Web tech Survey, many websites including some known brands in the United States also prefer to choose Django as their choice of Model-Template-View framework.
image courtesy:BleepinComputer/twitter
On Monday, Django (an open-source Python-based web framework) fixed the SQL Injection vulnerability in its new releases.
According to BleepingComputer, the potential SQL Injection vulnerability can be found in Django’s main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. The latest releases and their fixations issued today compress the vulnerability.
As per the reports of Web tech Survey, many websites including some known brands in the United States also prefer to choose Django as their choice of Model-Template-View framework. In such instances, the need to upgrade or fix Django against bugs becomes extremely crucial.
The Django team has also released versions of Django 4.0.6 and Django 3.2.14, addressing a high severity SQL injection vulnerability and its urging developers to upgrade or fix their Django instances at its latest.
“For those unable to upgrade to fixed Django versions 4.0.6 or 3.2.14, the team has made patches available that can be applied to existing affected versions”, a source as per BleepingComputer.
“This security release mitigates the issue, but we have identified improvements to the Database API methods related to date extract and truncate that would be beneficial to add to Django 4.1 before [its] final release,” the team said.
