django/docs/releases/5.0.11.txt

===========================
Django 5.0.11 release notes
===========================

*January 14, 2025*

Django 5.0.11 fixes a security issue with severity "moderate" in 5.0.10.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
============================================================================

Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack. The undocumented
and private functions ``clean_ipv6_address`` and ``is_valid_ipv6_address`` were
vulnerable, as was the  :class:`django.forms.GenericIPAddressField` form field,
which has now been updated to define a ``max_length`` of 39 characters.

The :class:`django.db.models.GenericIPAddressField` model field was not
affected.
Added stub release notes and release date for 5.1.5, 5.0.11, and 4.2.18. 2025-01-07 12:28:39 -03:00			`===========================`
			`Django 5.0.11 release notes`
			`===========================`

			`January 14, 2025`

			`Django 5.0.11 fixes a security issue with severity "moderate" in 5.0.10.`
Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation. Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz Felisiak for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> 2024-12-11 21:39:32 -05:00
			`CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation`
			`============================================================================`

			`Lack of upper bound limit enforcement in strings passed when performing IPv6`
			`validation could lead to a potential denial-of-service attack. The undocumented`
			and private functions ``clean_ipv6_address`` and ``is_valid_ipv6_address`` were
			vulnerable, as was the :class:`django.forms.GenericIPAddressField` form field,
			which has now been updated to define a ``max_length`` of 39 characters.

			The :class:`django.db.models.GenericIPAddressField` model field was not
			`affected.`