From 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b Mon Sep 17 00:00:00 2001 From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Date: Tue, 25 Feb 2025 09:40:54 +0100 Subject: Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. Thanks sw0rd1ight for the report. --- docs/releases/4.2.20.txt | 6 ++++++ docs/releases/5.0.13.txt | 6 ++++++ docs/releases/5.1.7.txt | 6 ++++++ 3 files changed, 18 insertions(+) (limited to 'docs') diff --git a/docs/releases/4.2.20.txt b/docs/releases/4.2.20.txt index c71fa05f43..5849fe2a42 100644 --- a/docs/releases/4.2.20.txt +++ b/docs/releases/4.2.20.txt @@ -5,3 +5,9 @@ Django 4.2.20 release notes *March 6, 2025* Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.0.13.txt b/docs/releases/5.0.13.txt index 27dc3c2f60..ebb0de252a 100644 --- a/docs/releases/5.0.13.txt +++ b/docs/releases/5.0.13.txt @@ -5,3 +5,9 @@ Django 5.0.13 release notes *March 6, 2025* Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12. + +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. diff --git a/docs/releases/5.1.7.txt b/docs/releases/5.1.7.txt index 77e89d9c27..164bc08de2 100644 --- a/docs/releases/5.1.7.txt +++ b/docs/releases/5.1.7.txt @@ -7,6 +7,12 @@ Django 5.1.7 release notes Django 5.1.7 fixes a security issue with severity "moderate" and several bugs in 5.1.6. +CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()`` +========================================================================================= + +The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a +potential denial-of-service attack when used with very long strings. + Bugfixes ======== -- cgit v1.3