django/docs/releases/3.2.21.txt

===========================
Django 3.2.21 release notes
===========================

*September 4, 2023*

Django 3.2.21 fixes a security issue with severity "moderate" in 3.2.20.

CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
===================================================================================================

``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
service attack via certain inputs with a very large number of Unicode
characters.
Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21. 2023-08-24 05:56:05 +00:00			`===========================`
			`Django 3.2.21 release notes`
			`===========================`

			`September 4, 2023`

			`Django 3.2.21 fixes a security issue with severity "moderate" in 3.2.20.`

Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com> 2023-08-22 06:53:03 +00:00			CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
			`===================================================================================================`

			``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
			`service attack via certain inputs with a very large number of Unicode`
			`characters.`