chango.git, branch 5.1.10 django http://cgit.adnoto.dev/chango.git/atom?h=5.1.10 2025-06-04T11:46:54Z [5.1.x] Bumped version for 5.1.10 release. 2025-06-04T11:46:54Z Natalia 124304+nessita@users.noreply.github.com 2025-06-04T11:46:54Z urn:sha1:23a853821b75787d77016811881220ec6f57310a [5.1.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response()`. 2025-06-04T11:46:07Z Natalia 124304+nessita@users.noreply.github.com 2025-05-20T18:29:52Z urn:sha1:596542ddb46cdabe011322917e1655f0d24eece2 Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net> Backport of a07ebec5591e233d8bbb38b7d63f35c5479eef0e from main. [5.1.x] Added stub release notes and release date for 5.1.10 and 4.2.22. 2025-05-28T13:19:23Z Natalia 124304+nessita@users.noreply.github.com 2025-05-28T13:03:06Z urn:sha1:a70841bc03a5f025c0c7d7a436021f154aee7bef Backport of 1a744343999c9646912cee76ba0a2fa6ef5e6240 from main. [5.1.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625. 2025-05-26T15:37:29Z Jason Judkins 34417573+jcjudkins@users.noreply.github.com 2025-05-26T15:33:29Z urn:sha1:129750a8074b1f1f712b0005062cd1293eac21a9 Backport of 1307b8a1cb05762147736d0f347792b33f645390 from main. [5.1.x] Added helpers in csrf_tests and logging_tests to assert logs from `log_response()`. 2025-05-22T18:42:30Z Natalia 124304+nessita@users.noreply.github.com 2025-05-20T01:46:00Z urn:sha1:32a9cb217936fee674c362faddac2a869f20315e Backport of ad6f99889838ccc2c30b3c02ed3868c9b565e81b from main. [5.1.x] Refs #26688 -- Added tests for `log_response()` internal helper. 2025-05-22T18:42:28Z Natalia 124304+nessita@users.noreply.github.com 2025-05-20T01:45:38Z urn:sha1:bb92acacac97a4ddcd5a1826ac1e025f3100e246 Backport of 897046815944cc9a2da7ed9e8082f45ffe8110e3 from main. [5.1.x] Refs #35980 -- Added release note about changes in release artifacts filenames. 2025-05-09T16:31:53Z Natalia 124304+nessita@users.noreply.github.com 2025-05-08T12:06:55Z urn:sha1:85bdeb31e2700a68d61c89108ba122ee3618fc05 Backport of 42ab99309d347f617d60751c2e8d627fb2963049 from main. [5.1.x] Removed "Expected" from release date for 5.1.9 and 4.2.21. 2025-05-09T16:30:58Z Natalia 124304+nessita@users.noreply.github.com 2025-05-08T11:50:02Z urn:sha1:503128a7d1649833c8973cff480999ef73448d76 Backport of c86156378db09e68db3a9ae1c108f661a67e3abe from main. [5.1.x] Cleaned up CVE-2025-32873 security archive description. 2025-05-07T14:37:34Z Natalia 124304+nessita@users.noreply.github.com 2025-05-07T14:26:54Z urn:sha1:73f70b5cc8a4218af11d14edd49b0e8e6ff79256 Backport of 37f2a77c729ccb71059c8e66c49b07499d2edf60 from main. [5.1.x] Added CVE-2025-32873 to security archive. 2025-05-07T14:09:35Z Natalia 124304+nessita@users.noreply.github.com 2025-05-07T13:59:55Z urn:sha1:05fab4e394e98bfd6c7a333d0d195438ccfa5450 Backport of fdabda4e05587347aeb3382a442d7e77c1a0c3e5 from main.