diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-02-25 09:40:54 +0100 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-03-06 09:42:27 +0100 |
| commit | 3cfa472644d4ce764d84fed739177b5765ea4b8a (patch) | |
| tree | ad222116473baa68999d5a8219f43cbc86591bac /docs | |
| parent | b179c67860c6b834e5d35fadba4c905d8c6495d5 (diff) | |
[5.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.
Thanks sw0rd1ight for the report.
Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/4.2.20.txt | 6 | ||||
| -rw-r--r-- | docs/releases/5.0.13.txt | 6 | ||||
| -rw-r--r-- | docs/releases/5.1.7.txt | 6 |
3 files changed, 18 insertions, 0 deletions
diff --git a/docs/releases/4.2.20.txt b/docs/releases/4.2.20.txt index c71fa05f43..5849fe2a42 100644 --- a/docs/releases/4.2.20.txt +++ b/docs/releases/4.2.20.txt @@ -5,3 +5,9 @@ Django 4.2.20 release notes *March 6, 2025* Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.0.13.txt b/docs/releases/5.0.13.txt index 27dc3c2f60..ebb0de252a 100644 --- a/docs/releases/5.0.13.txt +++ b/docs/releases/5.0.13.txt @@ -5,3 +5,9 @@ Django 5.0.13 release notes *March 6, 2025* Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.1.7.txt b/docs/releases/5.1.7.txt index 77e89d9c27..164bc08de2 100644 --- a/docs/releases/5.1.7.txt +++ b/docs/releases/5.1.7.txt @@ -7,6 +7,12 @@ Django 5.1.7 release notes Django 5.1.7 fixes a security issue with severity "moderate" and several bugs in 5.1.6. +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. + Bugfixes ======== |
