summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAdam Johnson <me@adamj.eu>2022-09-02 09:44:05 +0100
committerCarlton Gibson <carlton.gibson@noumenal.es>2022-10-04 09:12:42 +0200
commit9d656ea51d9ea7105c0c0785783ac29d426a7d25 (patch)
tree212f2bd6941f620a763261d58dcfe7bdf29d62cf /docs
parent7843c43c49d3845a1cbebfaaf71f2f0c2a9d8fce (diff)
[4.1.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/3.2.16.txt6
-rw-r--r--docs/releases/4.0.8.txt6
-rw-r--r--docs/releases/4.1.2.txt6
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/releases/3.2.16.txt b/docs/releases/3.2.16.txt
index 3769d0837c..da0a6c4ed4 100644
--- a/docs/releases/3.2.16.txt
+++ b/docs/releases/3.2.16.txt
@@ -6,4 +6,8 @@ Django 3.2.16 release notes
Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15.
-...
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
diff --git a/docs/releases/4.0.8.txt b/docs/releases/4.0.8.txt
index 602fe0a76a..b057eaa1ea 100644
--- a/docs/releases/4.0.8.txt
+++ b/docs/releases/4.0.8.txt
@@ -6,4 +6,8 @@ Django 4.0.8 release notes
Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7.
-...
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
diff --git a/docs/releases/4.1.2.txt b/docs/releases/4.1.2.txt
index 1dddbf44a0..2ee6fe0f5c 100644
--- a/docs/releases/4.1.2.txt
+++ b/docs/releases/4.1.2.txt
@@ -7,6 +7,12 @@ Django 4.1.2 release notes
Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
4.1.1.
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
+
Bugfixes
========