django.git/django/utils/html.py, branch 5.0.8 django http://cgit.adnoto.dev/django.git/atom?h=5.0.8 2024-08-06T06:51:55Z [5.0.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 2024-08-06T06:51:55Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-07-10T18:30:12Z urn:sha1:523da8771bce321023f490f70d71a9e973ddc927 Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> [5.0.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-08-06T06:51:55Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-07-18T11:19:34Z urn:sha1:7b7b909579c8311c140c89b8a9431bf537febf93 Thanks to MProgrammer for the report. [5.0.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-07-09T13:03:07Z Adam Johnson me@adamj.eu 2024-06-24T13:30:59Z urn:sha1:7285644640f085f41d60ab0c8ae4e9153f0485db Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Refs #30686 -- Moved Parser.SELF_CLOSING_TAGS to django.utils.html.VOID_ELEMENTS 2023-07-14T08:25:00Z David Smith smithdc@gmail.com 2023-07-05T05:51:29Z urn:sha1:1d0dfc0b920916900d2770f3b5640da08af36d97 Fixed #34609 -- Deprecated calling format_html() without arguments. 2023-06-06T12:14:57Z devilsautumn bhuvnesh875@gmail.com 2023-06-06T08:56:53Z urn:sha1:094b0bea2ce76db9d3dc06c384d4ac3b22705810 Refs #34233 -- Used str.removeprefix()/removesuffix(). 2023-01-18T18:11:18Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-01-18T18:11:18Z urn:sha1:23e886886249ebe8f80a48b0d25fbb5308eeb06f Updated documentation and comments for RFC updates. 2022-11-10T12:52:17Z Nick Pope nick@nickpope.me.uk 2022-11-04T12:33:09Z urn:sha1:9bd174b9a75299dce33e673a559f2b673399b971 - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28T08:54:38Z Hrushikesh Vaidya hrushikeshrv@gmail.com 2022-06-23T08:50:20Z urn:sha1:72e41a0df6db23410135364223eeda83ac2a8b27 Removed unnecessary str type from @keep_lazy decorator for escape()/escapejs(). 2022-02-21T08:46:39Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-21T08:46:39Z urn:sha1:b626c5a9798b045b655d085d59efdd60b5d7a0e3 Refs #32568 -- Optimized escape() by using SafeString instead of mark_safe(). 2022-02-10T05:39:02Z David smithdc@gmail.com 2022-02-02T18:12:09Z urn:sha1:cda81b79f212e0666782393c52ad19c2790c9446