django.git, branch 4.2.15

[4.2.x] Bumped version for 4.2.15 release.

2024-08-06T12:56:30Z

[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.

2024-07-31T14:12:35Z

Thanks Eyal (eyalgabay) for the report.

[4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.

2024-07-31T14:12:23Z

Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

[4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

2024-07-31T14:12:11Z

Thanks to MProgrammer for the report.

[4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.

2024-07-31T14:11:59Z

Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger

[4.2.x] Added stub release notes and release date for 4.2.15.

2024-07-31T09:29:30Z

Backport of 3f880890699d4412cf23b59dba425111f62afb3a from main.

[4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().

2024-07-25T07:44:51Z

LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb. Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.

[4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.

2024-07-11T09:10:15Z

[4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive.

2024-07-09T15:00:22Z

Backport of e095c7612d49dbe371e9c7edd76ba99b6bc4f9f6 from main.

[4.2.x] Post-release version bump.

2024-07-09T14:08:49Z