django/docs/releases/4.0.10.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

18 lines
602 B
Plaintext
Raw Normal View History

===========================
Django 4.0.10 release notes
===========================
*February 14, 2023*
2023-02-07 09:11:01 +00:00
Django 4.0.10 fixes a security issue with severity "moderate" in 4.0.9.
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.