summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAdam Johnson <me@adamj.eu>2024-01-22 13:21:13 +0000
committerNatalia <124304+nessita@users.noreply.github.com>2024-02-06 09:07:31 -0300
commit55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9 (patch)
tree9d5a196a7c8513b726eb90a63d18f50cb58ec469 /docs
parent9cefdfc43f0bae696b56fa5a0bf22346f85affff (diff)
Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/3.2.24.txt6
-rw-r--r--docs/releases/4.2.10.txt6
-rw-r--r--docs/releases/5.0.2.txt6
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/releases/3.2.24.txt b/docs/releases/3.2.24.txt
index 1ab7024f73..67be0f65d1 100644
--- a/docs/releases/3.2.24.txt
+++ b/docs/releases/3.2.24.txt
@@ -6,4 +6,8 @@ Django 3.2.24 release notes
Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23.
-...
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
diff --git a/docs/releases/4.2.10.txt b/docs/releases/4.2.10.txt
index c039f6840f..7cdfa69814 100644
--- a/docs/releases/4.2.10.txt
+++ b/docs/releases/4.2.10.txt
@@ -6,4 +6,8 @@ Django 4.2.10 release notes
Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9.
-...
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
diff --git a/docs/releases/5.0.2.txt b/docs/releases/5.0.2.txt
index 6312dee312..1da6dc02d9 100644
--- a/docs/releases/5.0.2.txt
+++ b/docs/releases/5.0.2.txt
@@ -7,6 +7,12 @@ Django 5.0.2 release notes
Django 5.0.2 fixes a security issue with severity "moderate" and several bugs
in 5.0.1. Also, the latest string translations from Transifex are incorporated.
+CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
+===========================================================================
+
+The ``intcomma`` template filter was subject to a potential denial-of-service
+attack when used with very long strings.
+
Bugfixes
========