Django Weblog: Django security releases issued: 5.2.6, 5.1.12, and 4.2.24

The Django team has released updates to address a critical security vulnerability. The new versions are Django 5.2.6, 5.1.12, and 4.2.24, and they exist specifically to fix a potential SQL injection flaw. The vulnerability, identified as CVE-2025-57833, affects the FilteredRelation feature: it allows SQL injection through column aliases when alias names are passed via dictionary expansion to QuerySet.annotate() or QuerySet.alias(). Eyal Gabay of EyalSec reported this high-severity issue. Patches have been applied to the main, 5.2, 5.1, and 4.2 branches of Django. Users are strongly advised to upgrade to these latest versions as soon as possible. The PGP key ID associated with these releases is 3955B19851EA96EF. The Django team reminds users to report potential security issues privately via email to [email protected].
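As an added, defensive illustration (not code from the Django project or the advisory): a version gate for the three fixed releases named above, plus an allow-list guard that keeps request-derived alias names out of the `**kwargs` expansion passed to `annotate()`/`alias()`. The `allowed` mapping of alias names to expression builders and the request-style input are assumptions for illustration.

```python
"""Defensive checks around CVE-2025-57833 (FilteredRelation alias injection)."""
import re

# Minimum patched version for each affected release series (from the advisory).
PATCHED = {(4, 2): (4, 2, 24), (5, 1): (5, 1, 12), (5, 2): (5, 2, 6)}

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_patched(version: str) -> bool:
    """True if this Django version string carries the CVE-2025-57833 fix.

    Series not listed in the advisory return False so the caller reviews them
    by hand rather than assuming they are safe.
    """
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version string {version!r}")
    major, minor, patch = (int(p or 0) for p in m.groups())
    floor = PATCHED.get((major, minor))
    return floor is not None and (major, minor, patch) >= floor


def build_alias_kwargs(requested, allowed):
    """Build annotate()/alias() kwargs using only allow-listed alias names.

    ``requested`` is the list of alias names a client asked for; ``allowed``
    maps the alias names the application supports to a zero-argument builder
    (in real code, one returning a FilteredRelation). A name that is not in
    the allow list, or that is not a plain identifier, is rejected before it
    could ever be interpolated as a column alias.
    """
    out = {}
    for name in requested:
        if not _IDENT.match(name) or name not in allowed:
            raise ValueError(f"alias {name!r} is not permitted")
        out[name] = allowed[name]()
    return out
```

With a real queryset the result is used as `qs.annotate(**build_alias_kwargs(names, ALLOWED))`, so the alias keys are always application-defined constants.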