Django SQL Injection Vulnerability Security Advisory
Published: 2020-02-13
Vulnerability ID and severity
CVE ID: CVE-2020-7471, severity: critical, CVSS score: 9.8
Affected versions
Django 1.11.x < 1.11.28
Django 2.2.x < 2.2.10
Django 3.0.x < 3.0.3
Django main development branch
Vulnerability overview
Django is an open-source Python web application framework maintained by the Django Software Foundation. The framework includes an object-relational mapper, a view system, a template system and other components.
Recently, the Django project published a security release disclosing a potential SQL injection vulnerability via the StringAgg delimiter. An attacker can pass a crafted delimiter to the aggregate function contrib.postgres.aggregates.StringAgg, bypassing escaping and injecting malicious SQL statements.
Affected users can determine whether their application is exposed by checking the installed version. Run python at the command line, then enter the following commands at the Python prompt to display the current Django version. If the Django version is within the affected range and the database in use is PostgreSQL, the application is exposed to this vulnerability.
>>> import django
>>> django.get_version()
Alternatively, since this vulnerability stems from the StringAgg aggregate function, an application running an affected Django version that uses this aggregate function may be at risk. Developers can check whether the following function is used. StringAgg is a PostgreSQL aggregate function that concatenates expressions into a string; it joins values across multiple rows and is widely used.
django.contrib.postgres.aggregates.StringAgg
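The two checks above (version range and StringAgg usage) can be automated. The following script is an added example, not part of the original advisory or of Django itself; the affected ranges are taken from this advisory, and the scanned file content is a constructed sample.

```python
import re
from typing import List, Tuple

# Affected series from the advisory, mapped to the first fixed release.
FIXED_VERSIONS = {
    (1, 11): (1, 11, 28),
    (2, 2): (2, 2, 10),
    (3, 0): (3, 0, 3),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a django.get_version() string such as '2.2.9' into (major, minor, patch).
    Any pre-release suffix after the numeric parts is ignored."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised Django version string: {version!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges.
    Series the advisory does not list return False, so they must be judged separately."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    return fixed is not None and (major, minor, patch) < fixed


STRINGAGG_PATTERN = re.compile(r"\bStringAgg\b")


def find_stringagg_usages(source: str) -> List[int]:
    """Return 1-based line numbers where StringAgg is imported or called."""
    return [n for n, line in enumerate(source.splitlines(), start=1)
            if STRINGAGG_PATTERN.search(line)]


# Constructed sample module content; not taken from any real project.
SAMPLE_SOURCE = """\
from django.contrib.postgres.aggregates import StringAgg
from django.db.models import Count

def tags_per_post(qs):
    return qs.annotate(tags=StringAgg('tags__name', delimiter=', '))
"""

if __name__ == "__main__":
    try:
        import django
        print("installed Django", django.get_version(), "affected:", is_affected(django.get_version()))
    except ImportError:
        print("Django is not installed in this environment")
    print("StringAgg used on lines:", find_stringagg_usages(SAMPLE_SOURCE))
```

In a real audit, run find_stringagg_usages over every .py file in the project tree rather than the embedded sample.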
Vulnerability verification
No PoC/exploit is available at this time.
Remediation
The Django project has released new versions that fix the vulnerability described above. Affected users should upgrade as soon as possible.
Django 1.11.28 download: https://www.djangoproject.com/m/releases/1.11/Django-1.11.28.tar.gz
Django 2.2.10 download: https://www.djangoproject.com/m/releases/2.2/Django-2.2.10.tar.gz
Django 3.0.3 download: https://www.djangoproject.com/m/releases/3.0/Django-3.0.3.tar.gz
If Django was installed with pip, it can be upgraded with --upgrade or -U:
$ pip install -U Django
°æ±¾¸üвÙ×÷¿É²Î¿¼ÏÂÁÐÁ´½Ó£º
https://docs.djangoproject.com/zh-hans/2.2/howto/upgrade-version
²Î¿¼Á´½Ó
https://www.djangoproject.com/weblog/2020/feb/03/security-releases