diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/4.2.20.txt | 6 | ||||
| -rw-r--r-- | docs/releases/5.0.13.txt | 6 | ||||
| -rw-r--r-- | docs/releases/5.1.7.txt | 6 |
3 files changed, 18 insertions, 0 deletions
diff --git a/docs/releases/4.2.20.txt b/docs/releases/4.2.20.txt index c71fa05f43..5849fe2a42 100644 --- a/docs/releases/4.2.20.txt +++ b/docs/releases/4.2.20.txt @@ -5,3 +5,9 @@ Django 4.2.20 release notes *March 6, 2025* Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.0.13.txt b/docs/releases/5.0.13.txt index 27dc3c2f60..ebb0de252a 100644 --- a/docs/releases/5.0.13.txt +++ b/docs/releases/5.0.13.txt @@ -5,3 +5,9 @@ Django 5.0.13 release notes *March 6, 2025* Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.1.7.txt b/docs/releases/5.1.7.txt index 77e89d9c27..164bc08de2 100644 --- a/docs/releases/5.1.7.txt +++ b/docs/releases/5.1.7.txt @@ -7,6 +7,12 @@ Django 5.1.7 release notes Django 5.1.7 fixes a security issue with severity "moderate" and several bugs in 5.1.6. +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. + Bugfixes ======== |
