mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs CVE-2024-27351 -- Forwardported release notes and tests.

Browse Source 
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
This commit is contained in:
Shai Berger
2024-02-19 13:56:37 +01:00
committed by Mariusz Felisiak
parent f5ed4306bb
commit f6ad8c7676
4 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/releases/4.2.11.txt
View File

@@ -7,6 +7,14 @@ Django 4.2.11 release notes
Django 4.2.11 fixes a security issue with severity "moderate" and a regression
in 4.2.10.
CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()``
=========================================================================================================
``django.utils.text.Truncator.words()`` method (with ``html=True``) and
:tfilter:`truncatewords_html` template filter were subject to a potential
regular expression denial-of-service attack using a suitably crafted string
(follow up to :cve:`2019-14232` and :cve:`2023-43665`).
Bugfixes
========