0.23.0
‼️ 🚨 Critical vulnerability fixed – please upgrade ASAP
- In this version of ormar the critical vulnerability (
CVE-2026-26198) in aggregate functions was patched - thanks @AAtomical
for reporting. The vulnerability was caused by the way ormar generated SQL queries for aggregate functions, allowing arbitrary SQL execution through user input. - Affected versions:
0.9.9 - 0.12.20.20.0b1 - 0.22.0 (latest)
✨ Breaking changes
- Drop support for Python 3.9
🐛 Fixes
- Fix selecting data with nested models with json fields #1530
- Fix prefetching JSON list field throwing TypeError - thanks @jannyware-inc #1402
Contributors
jannyware-inc and AAtomical