August 3, 2022
Django 3.2.15 fixes a security issue with severity “high” in 3.2.14.
FileResponse
¶An application may have been vulnerable to a reflected file download (RFD)
attack that sets the Content-Disposition header of a
FileResponse
when the filename
was derived from
user-supplied input. The filename
is now escaped to avoid this possibility.
Jul 28, 2023