mirror of
https://github.com/django/django.git
synced 2025-03-10 17:32:41 +00:00
7285644640
Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
24 lines
828 B
Plaintext
24 lines
828 B
Plaintext
==========================
|
|
Django 5.0.7 release notes
|
|
==========================
|
|
|
|
*July 9, 2024*
|
|
|
|
Django 5.0.7 fixes two security issues with severity "moderate", two security
|
|
issues with severity "low", and several bugs in 5.0.6.
|
|
|
|
CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
|
|
===========================================================================================
|
|
|
|
:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
|
|
denial-of-service attack via certain inputs with a very large number of
|
|
brackets.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on
|
|
unsaved model instances with a ``GeneratedField`` and certain defined
|
|
:attr:`Meta.constraints <django.db.models.Options.constraints>`
|
|
(:ticket:`35560`).
|