Natalia
e396c43d17
[5.1.x] Made cosmetic edits to 5.0.7 release notes.
...
Backport of 1062bf730235ecc90f2087f1c2d346615377a006 from main.
2024-07-09 09:45:27 -03:00
Sarah Boyce
e99ccc4342
[5.1.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
...
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
2024-07-09 09:42:58 -03:00
Natalia
6d36203648
[5.1.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
...
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 09:42:45 -03:00
Michael Manfre
f5d16483f3
[5.1.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.
...
Refs #20760 .
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 09:42:29 -03:00
Adam Johnson
44aef996c8
[5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
...
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 09:42:12 -03:00
Mark Gensler
2da007737c
[5.1.x] Fixed #35560 -- Made Model.full_clean() ignore GeneratedFields for constraints.
...
Accessing generated field values on unsaved models caused a crash when
validating CheckConstraints and UniqueConstraints with expressions.
Backport of 1005c2abd1ef0c156f449641e38c33e473989d37 from main.
2024-07-04 11:47:20 +02:00
Natalia
9f4725fa8f
[5.1.x] Added stub release notes and release date for 5.0.7 and 4.2.14.
...
Backport of 89557d4c66b469616fc3a16ba11b2999233efa8d from main.
2024-07-03 14:12:24 -03:00
Natalia
de7fc2e42e
[5.1.x] Updated release date for Django 5.0.7.
...
Backport of adae619426b6f50046b3daaa744db52989c9d6db from main.
2024-05-31 10:55:17 -03:00
Natalia
b79ac89c57
Added stub release notes for 5.0.7.
2024-05-07 15:06:02 -03:00
