From e5ea2842941967f06cefa10865f303b39c95279f Mon Sep 17 00:00:00 2001 From: Adam Johnson Date: Fri, 2 Sep 2022 09:44:05 +0100 Subject: Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. Thanks to Benjamin Balder Bach for the report. --- docs/releases/3.2.16.txt | 6 +++++- docs/releases/4.0.8.txt | 6 +++++- docs/releases/4.1.2.txt | 6 ++++++ 3 files changed, 16 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/releases/3.2.16.txt b/docs/releases/3.2.16.txt index 3769d0837c..da0a6c4ed4 100644 --- a/docs/releases/3.2.16.txt +++ b/docs/releases/3.2.16.txt @@ -6,4 +6,8 @@ Django 3.2.16 release notes Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15. -... +CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs +=================================================================================== + +Internationalized URLs were subject to potential denial of service attack via +the locale parameter. diff --git a/docs/releases/4.0.8.txt b/docs/releases/4.0.8.txt index 602fe0a76a..b057eaa1ea 100644 --- a/docs/releases/4.0.8.txt +++ b/docs/releases/4.0.8.txt @@ -6,4 +6,8 @@ Django 4.0.8 release notes Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7. -... +CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs +=================================================================================== + +Internationalized URLs were subject to potential denial of service attack via +the locale parameter. diff --git a/docs/releases/4.1.2.txt b/docs/releases/4.1.2.txt index 1dddbf44a0..2ee6fe0f5c 100644 --- a/docs/releases/4.1.2.txt +++ b/docs/releases/4.1.2.txt @@ -7,6 +7,12 @@ Django 4.1.2 release notes Django 4.1.2 fixes a security issue with severity "medium" and several bugs in 4.1.1. +CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs +=================================================================================== + +Internationalized URLs were subject to potential denial of service attack via +the locale parameter. + Bugfixes ======== -- cgit v1.3