mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-06 22:46:41 +00:00
Code Issues 32 Releases Wiki Activity
31,763 Commits 29 Branches 441 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant(). 
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
 2024-07-09 10:40:50 -03:00
Natalia
2b00edc015 [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method. 
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
 2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords. 
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
 2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00