django.git, branch 4.2.22

[4.2.x] Bumped version for 4.2.22 release.

2025-06-04T11:51:01Z

[4.2.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response()`.

2025-06-04T11:50:05Z

Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson Co-authored-by: Jake Howard Backport of a07ebec5591e233d8bbb38b7d63f35c5479eef0e from main.

[4.2.x] Added stub release notes and release date for 4.2.22.

2025-05-28T13:21:44Z

Backport of 1a744343999c9646912cee76ba0a2fa6ef5e6240 from main.

[4.2.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625.

2025-05-26T15:38:29Z

Backport of 1307b8a1cb05762147736d0f347792b33f645390 from main.

[4.2.x] Added helpers in csrf_tests and logging_tests to assert logs from `log_response()`.

2025-05-22T18:45:13Z

Backport of ad6f99889838ccc2c30b3c02ed3868c9b565e81b from main.

[4.2.x] Refs #26688 -- Added tests for `log_response()` internal helper.

2025-05-22T18:44:44Z

Backport of 897046815944cc9a2da7ed9e8082f45ffe8110e3 from main.

[4.2.x] Refs #35980 -- Added release note about changes in release artifacts filenames.

2025-05-09T16:33:55Z

Backport of 42ab99309d347f617d60751c2e8d627fb2963049 from main.

[4.2.x] Removed "Expected" from release date for 4.2.21.

2025-05-09T16:33:08Z

Backport of c86156378db09e68db3a9ae1c108f661a67e3abe from main.

[4.2.x] Cleaned up CVE-2025-32873 security archive description.

2025-05-07T14:38:00Z

Backport of 37f2a77c729ccb71059c8e66c49b07499d2edf60 from main.

[4.2.x] Added CVE-2025-32873 to security archive.

2025-05-07T14:25:04Z

Backport of fdabda4e05587347aeb3382a442d7e77c1a0c3e5 from main.