June 3, 2020
Django 2.2.13 fixes two security issues and a regression in 2.2.12.
In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.
Query parameters for the admin
ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector.
ensures query parameters are correctly URL encoded.
Fixed a regression in Django 2.2.12 that affected translation loading for apps providing translations for territorial language variants as well as a generic language, where the project has different plural equations for the language (#31570).
Tracking a jQuery security release, upgraded the version of jQuery used by the admin from 3.3.1 to 3.5.1.