mirror of
https://github.com/django/django.git
synced 2024-12-25 10:35:48 +00:00
97b7dd59bb
Thanks James Davis for suggesting the fix.
31 lines
1.4 KiB
Plaintext
31 lines
1.4 KiB
Plaintext
============================
|
|
Django 1.11.11 release notes
|
|
============================
|
|
|
|
*March 6, 2018*
|
|
|
|
Django 1.11.11 fixes two security issues in 1.11.10.
|
|
|
|
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters
|
|
===============================================================================================
|
|
|
|
The ``django.utils.html.urlize()`` function was extremely slow to evaluate
|
|
certain inputs due to catastrophic backtracking vulnerabilities in two regular
|
|
expressions. The ``urlize()`` function is used to implement the ``urlize`` and
|
|
``urlizetrunc`` template filters, which were thus vulnerable.
|
|
|
|
The problematic regular expressions are replaced with parsing logic that
|
|
behaves similarly.
|
|
|
|
CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters
|
|
==================================================================================================================
|
|
|
|
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were
|
|
passed the ``html=True`` argument, they were extremely slow to evaluate certain
|
|
inputs due to a catastrophic backtracking vulnerability in a regular
|
|
expression. The ``chars()`` and ``words()`` methods are used to implement the
|
|
``truncatechars_html`` and ``truncatewords_html`` template filters, which were
|
|
thus vulnerable.
|
|
|
|
The backtracking problem in the regular expression is fixed.
|