django.git/django/utils/html.py, branch 4.2.29 django http://cgit.adnoto.dev/django.git/atom?h=4.2.29 2025-11-05T12:52:56Z [4.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. 2025-11-05T12:52:56Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-16T20:28:33Z urn:sha1:770eea38d7a0e9ba9455140b5a9a9e33618226a7 Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. [4.2.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags(). 2025-05-07T01:36:15Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-04-08T14:30:17Z urn:sha1:9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c Thanks to Elias Myllymäki for the report, and Shai Berger and Jake Howard for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 9f3419b519799d69f2aba70b9d25abe2e70d03e0 from main. [4.2.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags(). 2024-12-04T13:32:08Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-11-13T14:06:23Z urn:sha1:790eb058b0716c536a2f2e8d1c6d5079d776c22b Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart for the reviews. [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-09-03T12:42:15Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-12T13:17:57Z urn:sha1:d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 2024-07-31T14:12:23Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-07-10T18:30:12Z urn:sha1:efea1ef7e2190e3f77ca0651b5458297bc0f6a9f Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-07-31T14:12:11Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-07-18T11:19:34Z urn:sha1:d0a82e26a74940bf0c78204933c3bdd6a283eb88 Thanks to MProgrammer for the report. [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-07-09T13:40:37Z Adam Johnson me@adamj.eu 2024-06-24T13:30:59Z urn:sha1:79f368764295df109a37192f6182fb6f361d85b5 Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Updated documentation and comments for RFC updates. 2022-11-10T12:52:17Z Nick Pope nick@nickpope.me.uk 2022-11-04T12:33:09Z urn:sha1:9bd174b9a75299dce33e673a559f2b673399b971 - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28T08:54:38Z Hrushikesh Vaidya hrushikeshrv@gmail.com 2022-06-23T08:50:20Z urn:sha1:72e41a0df6db23410135364223eeda83ac2a8b27 Removed unnecessary str type from @keep_lazy decorator for escape()/escapejs(). 2022-02-21T08:46:39Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-21T08:46:39Z urn:sha1:b626c5a9798b045b655d085d59efdd60b5d7a0e3