From ad0410ec4f458aa39803e5f6b9a3736527062dcd Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Wed, 14 Jun 2023 12:23:06 +0200 Subject: Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. Thanks Seokchan Yoon for reports. --- docs/ref/forms/fields.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'docs/ref/forms') diff --git a/docs/ref/forms/fields.txt b/docs/ref/forms/fields.txt index aa0a7a8444..e443e9eabf 100644 --- a/docs/ref/forms/fields.txt +++ b/docs/ref/forms/fields.txt @@ -596,7 +596,12 @@ For each field, we describe the default widget used if you don't specify * Error message keys: ``required``, ``invalid`` Has the optional arguments ``max_length``, ``min_length``, and - ``empty_value`` which work just as they do for :class:`CharField`. + ``empty_value`` which work just as they do for :class:`CharField`. The + ``max_length`` argument defaults to 320 (see :rfc:`3696#section-3`). + + .. versionchanged:: 3.2.20 + + The default value for ``max_length`` was changed to 320 characters. ``FileField`` ------------- -- cgit v1.3