Django 3.0.3 release notes — Django documentation
From Get docs
Django/docs/3.2.x/releases/3.0.3
Django 3.0.3 release notes
February 3, 2020
Django 3.0.3 fixes a security issue and several bugs in 3.0.2.
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter
.
Bugfixes
- Fixed a regression in Django 3.0 that caused a crash when subtracting
DateField
,DateTimeField
, orTimeField
from aSubquery()
annotation (:ticket:`31133`). - Fixed a regression in Django 3.0 where
QuerySet.values()
andvalues_list()
crashed if a queryset contained an aggregation andExists()
annotation (:ticket:`31136`). - Relaxed the system check added in Django 3.0 to reallow use of a sublanguage in the :setting:`LANGUAGE_CODE` setting, when a base language is available in Django but the sublanguage is not (:ticket:`31141`).
- Added support for using enumeration types
TextChoices
,IntegerChoices
, andChoices
in templates (:ticket:`31154`). - Fixed a system check to ensure the
max_length
attribute fits the longest choice, when a named group contains only non-string values (:ticket:`31155`). - Fixed a regression in Django 2.2 that caused a crash of ArrayAgg and StringAgg with
filter
argument when used in aSubquery
(:ticket:`31097`). - Fixed a regression in Django 2.2.7 that caused get_FOO_display() to work incorrectly when overriding inherited choices (:ticket:`31124`).
- Fixed a regression in Django 3.0 that caused a crash of
QuerySet.prefetch_related()
forGenericForeignKey
with a customContentType
foreign key (:ticket:`31190`).