1
0
mirror of https://github.com/django/django.git synced 2024-12-24 10:05:46 +00:00
django/docs/releases/3.2.18.txt
Markus Holtermann 7ac5ff37b8 [4.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-14 08:21:18 +01:00

18 lines
603 B
Plaintext

===========================
Django 3.2.18 release notes
===========================
*February 14, 2023*
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.