Django 1.11.28 release notes — Django documentation
From Get docs
Django/docs/2.2.x/releases/1.11.28
Django 1.11.28 release notes
February 3, 2020
Django 1.11.28 fixes a security issue in 1.11.27.
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter
.