mirror of
https://github.com/django/django.git
synced 2024-12-27 03:25:58 +00:00
3394fc6132
Thanks Seokchan Yoon for the report. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
23 lines
863 B
Plaintext
23 lines
863 B
Plaintext
===========================
|
|
Django 4.2.11 release notes
|
|
===========================
|
|
|
|
*March 4, 2024*
|
|
|
|
Django 4.2.11 fixes a security issue with severity "moderate" and a regression
|
|
in 4.2.10.
|
|
|
|
CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()``
|
|
=========================================================================================================
|
|
|
|
``django.utils.text.Truncator.words()`` method (with ``html=True``) and
|
|
:tfilter:`truncatewords_html` template filter were subject to a potential
|
|
regular expression denial-of-service attack using a suitably crafted string
|
|
(follow up to :cve:`2019-14232` and :cve:`2023-43665`).
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a regression in Django 4.2.10 where ``intcomma`` template filter could
|
|
return a leading comma for string representation of floats (:ticket:`35172`).
|