The developers of the popular Django framework announced the release of an updated version of the software with a critical bug fix.
The authors of the library recommend that all Django users immediately upgrade to the latest version (Django 4.0.6 or Django 3.2.14) to reduce the risk of attack by cybercriminals. A flaw in Django allowed third parties to control information in the database using the Trunc() and Extract() commands. Roughly speaking, hackers had the opportunity to apply SQL commands to a database that did not belong to them.
Django is no longer vulnerable, and in the next release of the framework, developers are waiting for even more updates to work with the database. New functionality is expected in the Django 4.1 release.