summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-02-25 09:40:54 +0100
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-03-06 09:38:40 +0100
commit55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b (patch)
tree525180b9fb582c8ad14e2c3c73c20c6075f15545 /docs
parent9a729fb61add16d89a4b42b491aec2d22f1ae69a (diff)
Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.
Thanks sw0rd1ight for the report.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/4.2.20.txt6
-rw-r--r--docs/releases/5.0.13.txt6
-rw-r--r--docs/releases/5.1.7.txt6
3 files changed, 18 insertions, 0 deletions
diff --git a/docs/releases/4.2.20.txt b/docs/releases/4.2.20.txt
index c71fa05f43..5849fe2a42 100644
--- a/docs/releases/4.2.20.txt
+++ b/docs/releases/4.2.20.txt
@@ -5,3 +5,9 @@ Django 4.2.20 release notes
*March 6, 2025*
Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19.
+
+CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
+=========================================================================================
+
+The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
+potential denial-of-service attack when used with very long strings.
diff --git a/docs/releases/5.0.13.txt b/docs/releases/5.0.13.txt
index 27dc3c2f60..ebb0de252a 100644
--- a/docs/releases/5.0.13.txt
+++ b/docs/releases/5.0.13.txt
@@ -5,3 +5,9 @@ Django 5.0.13 release notes
*March 6, 2025*
Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12.
+
+CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
+=========================================================================================
+
+The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
+potential denial-of-service attack when used with very long strings.
diff --git a/docs/releases/5.1.7.txt b/docs/releases/5.1.7.txt
index 77e89d9c27..164bc08de2 100644
--- a/docs/releases/5.1.7.txt
+++ b/docs/releases/5.1.7.txt
@@ -7,6 +7,12 @@ Django 5.1.7 release notes
Django 5.1.7 fixes a security issue with severity "moderate" and several bugs
in 5.1.6.
+CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
+=========================================================================================
+
+The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
+potential denial-of-service attack when used with very long strings.
+
Bugfixes
========