SUSE Package Hub - openSUSE-2021-338

Update Info

openSUSE-2021-338

Security update for python-djangorestframework

Type: security

Severity: important

Issued: 2021-02-25

Description:

This update for python-djangorestframework fixes the following issues:

Update to 3.11.2

* Security: Drop urlize_quoted_links template tag in favour of 
  Django's built-in urlize. Removes a XSS vulnerability for some 
  kinds of content in the browsable API. (boo#1177205, CVE-2020-25626)
* update Django for APIs book to 3.0 edition
* decode base64 credentials as utf8; adjust tests
* Remove compat urls for Django < 2.0

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-25626
Bugzilla: 1177205 VUL-0: CVE-2020-25626: python-djangorestframework: XSS Vulnerability in API viewer

Packages

python-djangorestframework-3.11.2-bp152.2.3.1

python-djangorestframework-test-3.11.2-bp152.2.3.1