summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/4.2.23.txt14
-rw-r--r--docs/releases/5.1.11.txt14
-rw-r--r--docs/releases/5.2.3.txt6
-rw-r--r--docs/releases/index.txt2
4 files changed, 34 insertions, 2 deletions
diff --git a/docs/releases/4.2.23.txt b/docs/releases/4.2.23.txt
new file mode 100644
index 0000000000..e4232f9bea
--- /dev/null
+++ b/docs/releases/4.2.23.txt
@@ -0,0 +1,14 @@
+===========================
+Django 4.2.23 release notes
+===========================
+
+*June 10, 2025*
+
+Django 4.2.23 fixes a potential log injection issue in 4.2.22.
+
+Bugfixes
+========
+
+* Fixed a log injection possibility by migrating remaining response logging
+ to ``django.utils.log.log_response()``, which safely escapes arguments such
+ as the request path to prevent unsafe log output (:cve:`2025-48432`).
diff --git a/docs/releases/5.1.11.txt b/docs/releases/5.1.11.txt
new file mode 100644
index 0000000000..de44dc0e67
--- /dev/null
+++ b/docs/releases/5.1.11.txt
@@ -0,0 +1,14 @@
+===========================
+Django 5.1.11 release notes
+===========================
+
+*June 10, 2025*
+
+Django 5.1.11 fixes a potential log injection issue in 5.1.10.
+
+Bugfixes
+========
+
+* Fixed a log injection possibility by migrating remaining response logging
+ to ``django.utils.log.log_response()``, which safely escapes arguments such
+ as the request path to prevent unsafe log output (:cve:`2025-48432`).
diff --git a/docs/releases/5.2.3.txt b/docs/releases/5.2.3.txt
index fa0b4163c0..5aaa7fd2dd 100644
--- a/docs/releases/5.2.3.txt
+++ b/docs/releases/5.2.3.txt
@@ -2,7 +2,7 @@
Django 5.2.3 release notes
==========================
-*Expected July 2, 2025*
+*June 10, 2025*
Django 5.2.3 fixes several bugs in 5.2.2. Also, the latest string translations
from Transifex are incorporated.
@@ -10,4 +10,6 @@ from Transifex are incorporated.
Bugfixes
========
-* ...
+* Fixed a log injection possibility by migrating remaining response logging
+ to ``django.utils.log.log_response()``, which safely escapes arguments such
+ as the request path to prevent unsafe log output (:cve:`2025-48432`).
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index e65fa85a38..1ec2a91c06 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -35,6 +35,7 @@ versions of the documentation contain the release notes for any later releases.
.. toctree::
:maxdepth: 1
+ 5.1.11
5.1.10
5.1.9
5.1.8
@@ -74,6 +75,7 @@ versions of the documentation contain the release notes for any later releases.
.. toctree::
:maxdepth: 1
+ 4.2.23
4.2.22
4.2.21
4.2.20