===========================
Django 4.2.15 release notes
===========================

*August 6, 2024*

Django 4.2.15 fixes three security issues with severity "moderate", one
security issue with severity "high", and a regression in 4.2.14.

CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()``
================================================================================

If :tfilter:`floatformat` received a string representation of a number in
scientific notation with a large exponent, it could lead to significant memory
consumption.

To avoid this, decimals with more than 200 digits are now returned as is.

Bugfixes
========

* Fixed a regression in Django 4.2.14 that caused a crash in
  ``LocaleMiddleware`` when processing a language code over 500 characters
  (:ticket:`35627`).