Django 1.11.28 release notesΒΆ

February 3, 2020

Django 1.11.28 fixes a security issue in 1.11.27.

CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)ΒΆ

StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter.