mirror of
https://github.com/django/django.git
synced 2025-08-03 18:38:50 +00:00
[4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
This commit is contained in:
parent
df79ef03ac
commit
2a8ec7f546
7 changed files with 135 additions and 7 deletions
|
@ -1577,6 +1577,13 @@ produce empty output::
|
|||
|
||||
{{ values|dictsort:"0" }}
|
||||
|
||||
Ordering by elements at specified index is not supported on dictionaries.
|
||||
|
||||
.. versionchanged:: 2.2.26
|
||||
|
||||
In older versions, ordering elements at specified index was supported on
|
||||
dictionaries.
|
||||
|
||||
.. templatefilter:: dictsortreversed
|
||||
|
||||
``dictsortreversed``
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue