Django 3.1.9 release notes — Django documentation
From Get docs
Django/docs/3.2.x/releases/3.1.9
Django 3.1.9 release notes
May 4, 2021
Django 3.1.9 fixes a security issue in 3.1.8.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser
, UploadedFile
, and FieldFile
allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied.