mirror of https://github.com/django/django.git synced 2025-03-25 16:50:45 +00:00

6 Commits

Author SHA1 Message Date
Simon Charette
f4af67b9b4 [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-07-31 16:12:35 +02:00
Mariusz Felisiak
efea1ef7e2 [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-31 16:12:23 +02:00
Sarah Boyce
d0a82e26a7 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-07-31 16:12:11 +02:00
Sarah Boyce
fc76660f58 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-07-31 16:11:59 +02:00
Sarah Boyce
7b1a76f899 [4.2.x] Added stub release notes and release date for 4.2.15.
Backport of 3f880890699d4412cf23b59dba425111f62afb3a from main.
2024-07-31 11:29:30 +02:00
Lorenzo Peña
96a3497400 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.

Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-25 09:44:51 +02:00