[4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.

Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
This commit is contained in:
Florian Apolloner 2021-12-27 14:53:18 +01:00 committed by Carlton Gibson
parent df79ef03ac
commit 2a8ec7f546
7 changed files with 135 additions and 7 deletions

View file

@ -1577,6 +1577,13 @@ produce empty output::
{{ values|dictsort:"0" }}
Ordering by elements at specified index is not supported on dictionaries.
.. versionchanged:: 2.2.26
In older versions, ordering elements at specified index was supported on
dictionaries.
.. templatefilter:: dictsortreversed
``dictsortreversed``