CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()

Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. Django now includes this fix. See :bpo:`42967` for further details.

Bugfixes

• Fixed a regression in Django 3.1 that caused RuntimeError instead of connection errors when using only the 'postgres' database (:ticket:`32403`).