django/docs/releases/4.0.10.txt

===========================
Django 4.0.10 release notes
===========================

*February 14, 2023*

Django 4.0.10 fixes a security issue with severity "moderate" in 4.0.9.

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================

Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.

The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
Added stub release notes for 4.0.10 and 3.2.18. Set date for 4.1.7 release. 2023-02-02 10:54:09 +00:00			`===========================`
			`Django 4.0.10 release notes`
			`===========================`

			`February 14, 2023`

Fixed typo in release notes. 2023-02-07 09:11:01 +00:00			`Django 4.0.10 fixes a security issue with severity "moderate" in 4.0.9.`
Added stub release notes for 4.0.10 and 3.2.18. Set date for 4.1.7 release. 2023-02-02 10:54:09 +00:00
Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. Thanks to Jakob Ackermann for the report. 2022-12-13 09:27:39 +00:00			`CVE-2023-24580: Potential denial-of-service vulnerability in file uploads`
			`=========================================================================`

			`Passing certain inputs to multipart forms could result in too many open files`
			`or memory exhaustion, and provided a potential vector for a denial-of-service`
			`attack.`

			`The number of files parts parsed is now limited via the new`
			:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.