mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity
32,879 Commits 30 Branches 463 Tags
d6749de9278c5417944a0d8e22967b4986906b1c
Commit Graph

6 Commits

Author SHA1 Message Date
Simon Charette
e2583fbc2e [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 
Thanks Eyal (eyalgabay) for the report.
 2024-08-06 08:51:22 +02:00
Mariusz Felisiak
bd807c0c25 [5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-08-06 08:51:22 +02:00
Sarah Boyce
0c1a890916 [5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thanks to MProgrammer for the report.
 2024-08-06 08:51:22 +02:00
Sarah Boyce
0504af6429 [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. 
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
 2024-08-06 08:51:22 +02:00
Sarah Boyce
405cecd65c [5.1.x] Added stub release notes and release date for 5.0.8 and 4.2.15. 
Backport of 3f88089069 from main.
 2024-07-31 11:24:35 +02:00
Lorenzo Peña
741f33eaf1 [5.1.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant(). 
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a.

Backport of 0e94f292cd from main.
 2024-07-25 09:40:49 +02:00