Simon Charette
32ebcbf2e1
[5.0.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:51:55 +02:00
Mariusz Felisiak
523da8771b
[5.0.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:51:55 +02:00
Sarah Boyce
7b7b909579
[5.0.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:51:55 +02:00
Sarah Boyce
27900fe56f
[5.0.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.
Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:51:55 +02:00
Sarah Boyce
3aa9acd856
[5.0.x] Added stub release notes and release date for 5.0.8 and 4.2.15.
Backport of 3f88089069 from main.
2024-07-31 11:26:43 +02:00
Lorenzo Peña
e18601273a
[5.0.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.
Regression in 9e9792228a.
Backport of 0e94f292cd from main.
2024-07-25 09:42:17 +02:00