author Natalia <124304+nessita@users.noreply.github.com> 2026-03-03 11:03:22 -0300
committer Natalia <124304+nessita@users.noreply.github.com> 2026-03-03 11:06:51 -0300
commit 346a55ced8e8f7b5bc8fe03ecbd4116050f11e2a
tree 7e40da0bdafb205ed5fc2666f2af50ee59c6eb56
parent 3dac84876c473d08d6057745aa1bd9599c34da44
[5.2.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive.
Backport of 62ab467686845e2a12a2580997a81d4bf61edfc6 from main.
-rw-r--r-- docs/releases/security.txt 23
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 1c46b152de..892451723e 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,29 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+March 3, 2026 - :cve:`2026-25673`
+---------------------------------
+
+Potential denial-of-service vulnerability in ``URLField`` via Unicode
+normalization on Windows.
+`Full description
+<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <b1444d9acf43db9de96e0da2b4737ad56af0eb76>`
+* Django 5.2 :commit:`(patch) <4d3c184686626d224d9a87451410ecf802b41f7c>`
+* Django 4.2 :commit:`(patch) <b3e8ec8cc310489fe80174b14b11edb970d682ea>`
+
+March 3, 2026 - :cve:`2026-25674`
+---------------------------------
+
+Potential incorrect permissions on newly created file system objects.
+`Full description
+<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <264d5c70ef3281a8869cb2ad45a3a52d5adbe790>`
+* Django 5.2 :commit:`(patch) <b07ed2a1e445efde54fc64cb8c37e0f4f7fe53e5>`
+* Django 4.2 :commit:`(patch) <54b50bf7d6dcbf02d4c01f853627cc9299d4934d>`
+
February 3, 2026 - :cve:`2025-13473`
------------------------------------
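Review bot: the CVE-2026-25674 summary ("Potential incorrect permissions on newly created file system objects.") does not name the affected API, setting or component, while the CVE-2026-25673 entry directly above it names ``URLField`` and the platform (Windows). Someone scanning the archive to decide whether a deployment is exposed has to follow the "Full description" link to find out what creates those file system objects. Consider naming the component in the summary line, matching whatever wording the linked release post uses. Both entries point to the same weblog URL, which is fine if a single release post covers both issues, but worth confirming before merge since the 6.0, 5.2 and 4.2 patch hashes are the only per-CVE detail a reader gets here.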