1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

6 Commits

Author SHA1 Message Date
Simon Charette
c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak
5f1757142f Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
ecf1f8fb90 Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Sarah Boyce
c19465ad87 Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
3f88089069 Added stub release notes and release date for 5.0.8 and 4.2.15. 2024-07-31 11:21:32 +02:00
Lorenzo Peña
0e94f292cd Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a.
2024-07-25 09:38:46 +02:00