In accordance with the security release policies that Django and Jazzband are following, the Jazzband project team for the Django Debug Toolbar project is issuing Django Debug Toolbar 3.2.1, Django Debug Toolbar 2.2.1 and Django Debug Toolbar 1.11.1. These releases address the security issue with severity “high” detailed below. We encourage all users of Django Debug Toolbar to upgrade as soon as possible.
With Django Debug Toolbar 0.10.0 and above, attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.
This is a high severity issue for anyone using the toolbar in a production environment.
Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.
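The underlying weakness is that the toolbar trusted the raw_sql value it had itself rendered into the explain/analyze/select forms, so a client could edit that hidden field before submitting. One defensive pattern is to sign the server-rendered SQL and refuse to run anything whose signature no longer matches. The example below is an added illustration in plain `hmac`, not the toolbar's own code or Django's signing framework; the secret and the sample query are constructed for the demonstration.

```python
import hmac
import hashlib
import secrets

# Constructed server-side secret for this example. A real deployment would
# derive this from a persistent secret such as Django's SECRET_KEY.
SECRET_KEY = secrets.token_bytes(32)


def _signature(raw_sql: str) -> str:
    """HMAC-SHA256 over the exact SQL text the server recorded for this panel."""
    return hmac.new(SECRET_KEY, raw_sql.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_sql(raw_sql: str) -> dict:
    """Hidden form fields as the server would render them for an EXPLAIN form.

    The signature binds the SQL text, so the browser can display it but cannot
    change it without invalidating the form.
    """
    return {"raw_sql": raw_sql, "signature": _signature(raw_sql)}


def verify_submitted_sql(form: dict) -> str:
    """Return raw_sql only if the submitted signature still matches it.

    Uses a constant-time comparison so the check does not leak the expected
    signature byte by byte.
    """
    raw_sql = str(form.get("raw_sql", ""))
    submitted = str(form.get("signature", ""))
    if not hmac.compare_digest(_signature(raw_sql), submitted):
        raise PermissionError("raw_sql was altered after the server rendered the form")
    return raw_sql


def explain_form_accepted(form: dict) -> bool:
    """Convenience wrapper: True if the form would be executed, False if rejected."""
    try:
        verify_submitted_sql(form)
        return True
    except PermissionError:
        return False
```

Signing only stops tampering with the rendered query; it does not make the toolbar safe to expose in production, which the advisory still advises against.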
The GitHub Security Advisory can be found here: