django.git/docs/releases/2.1.11.txt, branch maindjango
http://cgit.adnoto.dev/django.git/atom?h=main2021-01-14T16:50:04ZRefs #12990 -- Removed django.contrib.postgres.fields.JSONField per deprecation timeline.2021-01-14T16:50:04ZMariusz Felisiakfelisiak.mariusz@gmail.com2021-01-14T08:33:12Zurn:sha1:7cb5712edc158396c9d4fbf1ecf17794d9a128b3Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().2019-08-01T07:24:54ZFlorian Apollonerflorian@apolloner.eu2019-07-19T15:04:53Zurn:sha1:76ed1c49f804d409cfc2911a890c78584db3c76e
Thanks to Guido Vranken for initial report.
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.2019-08-01T07:24:54ZMariusz Felisiakfelisiak.mariusz@gmail.com2019-07-22T08:45:26Zurn:sha1:7deeabc7c7526786df6894429ce89a9c4b614086
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.2019-08-01T07:24:54ZFlorian Apollonerflorian@apolloner.eu2019-07-15T10:00:06Zurn:sha1:4b78420d250df5e21763633871e486ee76728cc4
Thanks to Guido Vranken for initial report.
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.2019-08-01T07:24:54ZFlorian Apollonerflorian@apolloner.eu2019-07-15T09:46:09Zurn:sha1:7f65974f8219729c047fbbf8cd5cc9d80faefe77
Thanks to Guido Vranken for initial report.
Added stub release notes for security releases.2019-07-25T08:49:30ZCarlton Gibsoncarlton.gibson@noumenal.es2019-07-25T08:49:30Zurn:sha1:f13147c8de725eed7038941758469aeb9bd66503