mirror of https://github.com/django/django.git
18 lines
603 B
Plaintext
18 lines
603 B
Plaintext
===========================
|
|
Django 3.2.18 release notes
|
|
===========================
|
|
|
|
*February 14, 2023*
|
|
|
|
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
|
|
|
|
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
|
|
=========================================================================
|
|
|
|
Passing certain inputs to multipart forms could result in too many open files
|
|
or memory exhaustion, and provided a potential vector for a denial-of-service
|
|
attack.
|
|
|
|
The number of files parts parsed is now limited via the new
|
|
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
|