February 19, 2021
Django 2.2.19 fixes a security issue in 2.2.18.
Django contains a copy of
urllib.parse.parse_qsl() which was added to
backport some security fixes. A further security fix has been issued recently
parse_qsl() no longer allows using
; as a query parameter
separator by default. Django now includes this fix. See bpo-42967 for