summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorvarunkasyap <varunkasyap@hotmail.com>2025-11-26 14:28:24 -0300
committerNatalia <124304+nessita@users.noreply.github.com>2025-11-26 17:19:57 -0300
commit0ae15bb52e17768839d057bc1ae3d72f2866458d (patch)
treeb35ffac38391749b414c405c330afba142e23920 /scripts
parent31bc5c2d11e1d1cc728666d0785eea088b1dc1f2 (diff)
[5.2.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedirectBase.
Refs CVE-2025-64458. The previous limit of 2048 characters reused the URLValidator constant and proved too restrictive for legitimate redirects to some third-party services. This change introduces a separate `MAX_URL_REDIRECT_LENGTH` constant (defaulting to 16384) and uses it in HttpResponseRedirectBase. Thanks Jacob Walls for report and review. Backport of a8cf8c292cfee98fe6cc873ca5221935f1d02271 from main.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions