django/docs/releases/4.2.3.txt

==========================
Django 4.2.3 release notes
==========================

*July 3, 2023*

Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
in 4.2.2.

CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
===================================================================================================================

``EmailValidator`` and ``URLValidator`` were subject to potential regular
expression denial of service attack via a very large number of domain name
labels of emails and URLs.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone
  warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`).

* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows
  in the admin changelist view when ``ModelAdmin.list_editable`` contained a
  ``BooleanField`` (:ticket:`34638`).
[4.2.x] Added stub release notes for 4.2.3. Backport of e26d1a91d7de6e9d44655dc4fc6a99654a0dd925 from main 2023-06-05 14:55:23 -03:00			`==========================`
			`Django 4.2.3 release notes`
			`==========================`

[4.2.x] Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main 2023-06-21 08:59:10 +02:00			`July 3, 2023`
[4.2.x] Added stub release notes for 4.2.3. Backport of e26d1a91d7de6e9d44655dc4fc6a99654a0dd925 from main 2023-06-05 14:55:23 -03:00
[4.2.x] Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main 2023-06-21 08:59:10 +02:00			`Django 4.2.3 fixes a security issue with severity "moderate" and several bugs`
			`in 4.2.2.`
[4.2.x] Added stub release notes for 4.2.3. Backport of e26d1a91d7de6e9d44655dc4fc6a99654a0dd925 from main 2023-06-05 14:55:23 -03:00
[4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. Thanks Seokchan Yoon for reports. 2023-06-14 12:23:06 +02:00			CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
			`===================================================================================================================`

			``EmailValidator`` and ``URLValidator`` were subject to potential regular
			`expression denial of service attack via a very large number of domain name`
			`labels of emails and URLs.`

[4.2.x] Added stub release notes for 4.2.3. Backport of e26d1a91d7de6e9d44655dc4fc6a99654a0dd925 from main 2023-06-05 14:55:23 -03:00			`Bugfixes`
			`========`

[4.2.x] Fixed #34645 -- Restored alignment for admin date/time timezone warnings. Regression in 96a598356a9ea8c2c05b22cadc12e256a3b295fd. Backport of caf80cb41f13e84803a94928282cae75333bbdfc from main 2023-06-09 21:37:23 +02:00			`* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone`
			warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`).
[4.2.x] Fixed #34638 -- Fixed admin change list selected row highlight on editable boolean fields. Regression in 0aa2f16e63887d6053f6fd0da19254fc74c750ae. Thanks Andrei Shabanski for the report. Backport of 1d9d32389c652edc56ada65116d39789896f4820 from main. 2023-06-07 02:13:57 +05:30
			`* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows`
			in the admin changelist view when ``ModelAdmin.list_editable`` contained a
			``BooleanField`` (:ticket:`34638`).