From c880530ddd4fabd5939bab0e148bebe36699432a Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Thu, 16 Oct 2025 16:28:33 -0400 Subject: Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. --- tests/httpwrappers/tests.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests') diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py index f1caec6b71..804bec50b0 100644 --- a/tests/httpwrappers/tests.py +++ b/tests/httpwrappers/tests.py @@ -24,6 +24,7 @@ from django.http import ( ) from django.test import SimpleTestCase from django.utils.functional import lazystr +from django.utils.http import MAX_URL_LENGTH class QueryDictTests(SimpleTestCase): @@ -490,6 +491,7 @@ class HttpResponseTests(SimpleTestCase): 'data:text/html,', "mailto:test@example.com", "file:///etc/passwd", + "é" * (MAX_URL_LENGTH + 1), ] for url in bad_urls: with self.assertRaises(DisallowedRedirect): -- cgit v1.3