Sarah Boyce
|
9e9792228a
|
Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
|
2024-07-09 09:21:19 -03:00 |
|
Natalia
|
fe4a0bbe20
|
Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
|
2024-07-09 09:21:19 -03:00 |
|
Michael Manfre
|
5d86458579
|
Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
|
2024-07-09 09:21:19 -03:00 |
|
Adam Johnson
|
d666457453
|
Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
2024-07-09 09:21:19 -03:00 |
|
Natalia
|
89557d4c66
|
Added stub release notes and release date for 5.0.7 and 4.2.14.
|
2024-07-03 14:09:34 -03:00 |
|