django.git/django/utils/text.py, branch stable/5.2.x django http://cgit.adnoto.dev/django.git/atom?h=stable%2F5.2.x 2026-02-25T16:12:17Z [5.2.x] Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit references from HTML truncation docs. 2026-02-25T16:12:17Z Natalia 124304+nessita@users.noreply.github.com 2026-02-25T13:37:38Z urn:sha1:703777cbbc268f62083c703fa27fa582b54bcc93 Backport of bbc6818bc12f14c1764a7eb68556018195f56b59 from main. [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input. 2026-02-03T13:15:39Z Natalia 124304+nessita@users.noreply.github.com 2026-01-21T12:53:10Z urn:sha1:9f2ada875bbee62ac46032e38ddb22755d67ae5a The `TruncateHTMLParser` used `deque.remove()` to remove tags from the stack when processing end tags. With crafted input containing many unmatched end tags, this caused repeated full scans of the tag stack, leading to quadratic time complexity. The fix uses LIFO semantics, only removing a tag from the stack when it matches the most recently opened tag. This avoids linear scans for unmatched end tags and reduces complexity to linear time. Refs #30686 and 6ee37ada3241ed263d8d1c2901b030d964cbd161. Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for reviews. Backport of a33540b3e20b5d759aa8b2e4b9ca0e8edd285344 from main. [5.2.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter. 2025-04-23T19:18:55Z Matti Pohjanvirta matti.pohjanvirta@iki.fi 2025-04-20T15:22:51Z urn:sha1:305aa4d0c5507072fa3a1c2f03fba9559329b499 Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 1e9db35836d42a3c72f3d1015c2f302eb6fee046 from main. [5.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. 2025-03-06T08:42:27Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-02-25T08:40:54Z urn:sha1:3cfa472644d4ce764d84fed739177b5765ea4b8a Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main. Refs #30686 -- Removed unused regexes in django.utils.text. 2024-02-15T07:39:14Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-02-15T07:39:14Z urn:sha1:3cadeea077a98367a4ed344d645df0aff243de91 Unused since 6ee37ada3241ed263d8d1c2901b030d964cbd161. Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07T08:46:25Z David Smith smithdc@gmail.com 2023-01-03T20:48:06Z urn:sha1:6ee37ada3241ed263d8d1c2901b030d964cbd161 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07T04:18:35Z David Smith smithdc@gmail.com 2024-02-06T19:52:52Z urn:sha1:70f39e46f86b946c273340d52109824c776ffb4c Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. 2023-10-04T12:22:26Z Natalia 124304+nessita@users.noreply.github.com 2023-09-19T12:51:48Z urn:sha1:17b51094d778b421bb2b3aae0c270894b050455d Thanks Wenchao Li of Alibaba Group for the report. Refs #30686 -- Moved add_truncation_text() helper to a module level. 2023-07-14T08:17:14Z David Smith smithdc@gmail.com 2023-06-23T05:40:54Z urn:sha1:6f1b8c00d8151059cc1902a92f067bbdc1673779 Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. 2022-12-17T07:46:37Z Andreas Pelme andreas@pelme.se 2022-11-20T20:46:55Z urn:sha1:ab7a85ac297464df82d8363455609979ca3603db