django/docs/releases/3.2.20.txt

===========================
Django 3.2.20 release notes
===========================

*July 3, 2023*

Django 3.2.20 fixes a security issue with severity "moderate" in 3.2.19.

CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
===================================================================================================================

``EmailValidator`` and ``URLValidator`` were subject to potential regular
expression denial of service attack via a very large number of domain name
labels of emails and URLs.
Added stub release notes and release date for 4.2.3, 4.1.10, and 3.2.20. 2023-06-21 06:59:10 +00:00			`===========================`
			`Django 3.2.20 release notes`
			`===========================`

			`July 3, 2023`

			`Django 3.2.20 fixes a security issue with severity "moderate" in 3.2.19.`

Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. Thanks Seokchan Yoon for reports. 2023-06-14 10:23:06 +00:00			CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
			`===================================================================================================================`

			``EmailValidator`` and ``URLValidator`` were subject to potential regular
			`expression denial of service attack via a very large number of domain name`
			`labels of emails and URLs.`