django.git/docs/topics/serialization.txt, branch stable/6.0.x django http://cgit.adnoto.dev/django.git/atom?h=stable%2F6.0.x 2025-12-02T12:24:55Z [6.0.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation in XML serializer. 2025-12-02T12:24:55Z Shai Berger shai@platonix.com 2025-10-11T18:42:56Z urn:sha1:1dbd07a608e495a0c229edaaf84d58d8976313b5 Previously, `getInnerText()` recursively used `list.extend()` on strings, which added each character from child nodes as a separate list element. On deeply nested XML content, this caused the overall deserialization work to grow quadratically with input size, potentially allowing disproportionate CPU consumption for crafted XML. The fix separates collection of inner texts from joining them, so that each subtree is joined only once, reducing the complexity to linear in the size of the input. These changes also include a mitigation for a xml.dom.minidom performance issue. Thanks Seokchan Yoon (https://ch4n3.kr/) for report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 50efb718b31333051bc2dcb06911b8fa1358c98c from main. [6.0.x] Fixed #36581 -- Updated serialization examples from XML to JSON. 2025-09-18T13:45:35Z CodingWithSaksham sakshamthecoder@gmail.com 2025-09-06T09:10:37Z urn:sha1:16bc8de6197a8444c034d31f6aec77a29ce3482c Backport of 762d3be8c559b0abf415be8d6117f04fb6347983 from main. Refs #36485 -- Rewrapped docs to 79 columns line length. 2025-08-25T13:51:10Z David Smith smithdc@gmail.com 2025-07-25T09:24:17Z urn:sha1:f81e6e3a53ee36e3f730a71aa55a5744982dd016 Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. Fixed #29522 -- Refactored the Deserializer functions to classes. 2024-09-17T09:00:49Z Amir Karimi amk9978@gmail.com 2024-09-12T08:56:18Z urn:sha1:ee5147cfd7de2add74a285537a8968ec074e70cd Co-authored-by: Emad Mokhtar <emad.mokhtar@veneficus.nl> Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01T12:03:56Z django-bot ops@djangoproject.com 2023-02-28T19:53:28Z urn:sha1:14459f80ee3a9e005989db37c26fd13bb6d2fab2 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28T11:21:37Z Joseph Victor Zammit jvzammit@gmail.com 2023-01-23T20:29:05Z urn:sha1:ba755ca13123d2691a0926ddb64e5d0a2906a880 Refs #34140 -- Applied rst code-block to non-Python examples. 2023-02-10T18:19:13Z Carlton Gibson carlton.gibson@noumenal.es 2023-02-09T15:48:46Z urn:sha1:534ac4829764f317cf2fbc4a18354fcc998c1425 Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. Fixed #34311 -- Updated serialization docs from unique_together to UniqueConstraint. 2023-02-09T04:28:03Z Willem Van Onsem vanonsem.willem@gmail.com 2023-02-04T21:48:44Z urn:sha1:292aacaf6c3d6956ca2c51c41e36dbf425389346 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30T07:57:17Z Alex Morega alex@grep.ro 2022-08-26T14:10:27Z urn:sha1:de6c9c70549010fc39509f9ef3f6a62ada870318 Updated example of YAML serialization format in docs. 2021-12-28T11:44:41Z Sergey Fursov geyser85@gmail.com 2021-12-27T11:51:43Z urn:sha1:feeb0685c62a793c55a058584ba1de45e74f80f7