django.git/django/utils/text.py, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-03-09T12:41:00Z Fixed #36293 -- Avoided buffering streaming responses in GZipMiddleware. 2026-03-09T12:41:00Z farhan farhanalirazaazeemi@gmail.com 2025-12-13T18:33:33Z urn:sha1:12bb16da8fbadac34e2de318cc79d7d765f35a96 This avoids latency and/or blocking. The example of streaming a CSV file was rewritten to employ batching for greater efficiency in all layers (db, HTTP, etc.). The improved performance from batching should outweigh the drag introduced by an additional byte for each flush. Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com> Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit references from HTML truncation docs. 2026-02-25T16:08:52Z Natalia 124304+nessita@users.noreply.github.com 2026-02-25T13:37:38Z urn:sha1:bbc6818bc12f14c1764a7eb68556018195f56b59 Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input. 2026-02-03T12:54:16Z Natalia 124304+nessita@users.noreply.github.com 2026-01-21T12:53:10Z urn:sha1:a33540b3e20b5d759aa8b2e4b9ca0e8edd285344 The `TruncateHTMLParser` used `deque.remove()` to remove tags from the stack when processing end tags. With crafted input containing many unmatched end tags, this caused repeated full scans of the tag stack, leading to quadratic time complexity. The fix uses LIFO semantics, only removing a tag from the stack when it matches the most recently opened tag. This avoids linear scans for unmatched end tags and reduces complexity to linear time. Refs #30686 and 6ee37ada3241ed263d8d1c2901b030d964cbd161. Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for reviews. Fixed #36705 -- Avoided string concatenation in utils. 2025-11-07T19:06:42Z Kasyap Pentamaraju vpentamaraju@webmd.net 2025-11-03T17:27:53Z urn:sha1:1c7db70e79dce82f50d5958da64ab8e2807a31df Repeated string concatenation performs poorly on PyPy. Thanks Seokchan Yoon for the report. Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware. 2025-10-21T14:45:12Z Adam Johnson me@adamj.eu 2025-10-10T23:10:35Z urn:sha1:a0323a0c44135c28134672e6e633e5f4a7a68d5d Fixed #36341 -- Preserved whitespaces in wordwrap template filter. 2025-04-23T19:14:03Z Matti Pohjanvirta matti.pohjanvirta@iki.fi 2025-04-20T15:22:51Z urn:sha1:1e9db35836d42a3c72f3d1015c2f302eb6fee046 Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. 2025-03-06T08:38:40Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-02-25T08:40:54Z urn:sha1:55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b Thanks sw0rd1ight for the report. Refs #30686 -- Removed unused regexes in django.utils.text. 2024-02-15T07:39:14Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-02-15T07:39:14Z urn:sha1:3cadeea077a98367a4ed344d645df0aff243de91 Unused since 6ee37ada3241ed263d8d1c2901b030d964cbd161. Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07T08:46:25Z David Smith smithdc@gmail.com 2023-01-03T20:48:06Z urn:sha1:6ee37ada3241ed263d8d1c2901b030d964cbd161 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07T04:18:35Z David Smith smithdc@gmail.com 2024-02-06T19:52:52Z urn:sha1:70f39e46f86b946c273340d52109824c776ffb4c