django/docs/releases/4.2.3.txt

==========================
Django 4.2.3 release notes
==========================

*July 3, 2023*

Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
in 4.2.2.

CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
===================================================================================================================

``EmailValidator`` and ``URLValidator`` were subject to potential regular
expression denial of service attack via a very large number of domain name
labels of emails and URLs.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone
  warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`).

* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows
  in the admin changelist view when ``ModelAdmin.list_editable`` contained a
  ``BooleanField`` (:ticket:`34638`).
Added stub release notes for 4.2.3. 2023-06-05 17:55:23 +00:00			`==========================`
			`Django 4.2.3 release notes`
			`==========================`

Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. 2023-06-21 06:59:10 +00:00			`July 3, 2023`
Added stub release notes for 4.2.3. 2023-06-05 17:55:23 +00:00
Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. 2023-06-21 06:59:10 +00:00			`Django 4.2.3 fixes a security issue with severity "moderate" and several bugs`
			`in 4.2.2.`
Added stub release notes for 4.2.3. 2023-06-05 17:55:23 +00:00
Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. Thanks Seokchan Yoon for reports. 2023-06-14 10:23:06 +00:00			CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
			`===================================================================================================================`

			``EmailValidator`` and ``URLValidator`` were subject to potential regular
			`expression denial of service attack via a very large number of domain name`
			`labels of emails and URLs.`

Added stub release notes for 4.2.3. 2023-06-05 17:55:23 +00:00			`Bugfixes`
			`========`

Fixed #34645 -- Restored alignment for admin date/time timezone warnings. Regression in 96a598356a9ea8c2c05b22cadc12e256a3b295fd. 2023-06-09 19:37:23 +00:00			`* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone`
			warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`).
Fixed #34638 -- Fixed admin change list selected row highlight on editable boolean fields. Regression in 0aa2f16e63887d6053f6fd0da19254fc74c750ae. Thanks Andrei Shabanski for the report. 2023-06-06 20:43:57 +00:00
			`* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows`
			in the admin changelist view when ``ModelAdmin.list_editable`` contained a
			``BooleanField`` (:ticket:`34638`).