Sarah Boyce
|
8e7a44e4be
|
[5.0.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
|
2024-07-09 10:03:38 -03:00 |
|
Natalia
|
9f4f63e9eb
|
[5.0.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
|
2024-07-09 10:03:32 -03:00 |
|
Michael Manfre
|
07cefdee4a
|
[5.0.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
|
2024-07-09 10:03:20 -03:00 |
|
Adam Johnson
|
7285644640
|
[5.0.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
2024-07-09 10:03:07 -03:00 |
|
Natalia
|
03b908ffed
|
[5.0.x] Added stub release notes and release date for 5.0.7 and 4.2.14.
Backport of 89557d4c66 from main.
|
2024-07-03 14:13:02 -03:00 |
|