Natalia
3a7bf7fb6c
[5.0.x] Made cosmetic edits to 5.0.7 release notes.
...
Backport of 1062bf730235ecc90f2087f1c2d346615377a006 from main.
2024-07-09 10:04:57 -03:00
Sarah Boyce
8e7a44e4be
[5.0.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
...
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
2024-07-09 10:03:38 -03:00
Natalia
9f4f63e9eb
[5.0.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
...
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 10:03:32 -03:00
Michael Manfre
07cefdee4a
[5.0.x] Fixed CVE-2024-39329 -- Standardized timing of verify_password() when checking unusable passwords.
...
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 10:03:20 -03:00
Adam Johnson
7285644640
[5.0.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
...
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 10:03:07 -03:00
Mark Gensler
0602fc2124
[5.0.x] Fixed #35560 -- Made Model.full_clean() ignore GeneratedFields for constraints.
...
Accessing generated field values on unsaved models caused a crash when
validating CheckConstraints and UniqueConstraints with expressions.
Backport of 1005c2abd1ef0c156f449641e38c33e473989d37 from main.
2024-07-04 11:49:27 +02:00
Natalia
03b908ffed
[5.0.x] Added stub release notes and release date for 5.0.7 and 4.2.14.
...
Backport of 89557d4c66b469616fc3a16ba11b2999233efa8d from main.
2024-07-03 14:13:02 -03:00
Natalia
0231bad10d
[5.0.x] Updated release date for Django 5.0.7.
...
Backport of adae619426b6f50046b3daaa744db52989c9d6db from main.
2024-05-31 10:54:48 -03:00
Natalia
629398e55f
[5.0.x] Added stub release notes for 5.0.7.
...
Backport of b79ac89c5799993b459b2248faf0bdd66a9df008 from main.
2024-05-07 15:07:56 -03:00