summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAdam Johnson <me@adamj.eu>2024-01-22 13:21:13 +0000
committerNatalia <124304+nessita@users.noreply.github.com>2024-02-06 09:13:21 -0300
commit16a8fe18a3b81250f4fa57e3f93f0599dc4895bc (patch)
treee44193d8d7e7d1e64414f39bbe46de315c88c14c /docs
parent2cfa3fba0c8c5f3cf5daf23fd5333902a34fea86 (diff)
[5.0.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/3.2.24.txt6
-rw-r--r--docs/releases/4.2.10.txt6
-rw-r--r--docs/releases/5.0.2.txt6
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/releases/3.2.24.txt b/docs/releases/3.2.24.txt
index 1ab7024f73..67be0f65d1 100644
--- a/docs/releases/3.2.24.txt
+++ b/docs/releases/3.2.24.txt
@@ -6,4 +6,8 @@ Django 3.2.24 release notes
Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23.
-...
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
diff --git a/docs/releases/4.2.10.txt b/docs/releases/4.2.10.txt
index c039f6840f..7cdfa69814 100644
--- a/docs/releases/4.2.10.txt
+++ b/docs/releases/4.2.10.txt
@@ -6,4 +6,8 @@ Django 4.2.10 release notes
Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9.
-...
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
diff --git a/docs/releases/5.0.2.txt b/docs/releases/5.0.2.txt
index 6312dee312..1da6dc02d9 100644
--- a/docs/releases/5.0.2.txt
+++ b/docs/releases/5.0.2.txt
@@ -7,6 +7,12 @@ Django 5.0.2 release notes
Django 5.0.2 fixes a security issue with severity "moderate" and several bugs
in 5.0.1. Also, the latest string translations from Transifex are incorporated.
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
+
Bugfixes
========