| author | Natalia <124304+nessita@users.noreply.github.com> | 2026-03-03 11:03:22 -0300 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2026-03-03 11:03:54 -0300 |
| commit | 6224764803a3859573a9244d715f0265cc7ecce4 (patch) | |
| tree | 427c4b57354cea5a01a74583b68c5febe1727a92 | |
| parent | a7981cb1a2125e72e76de11c5a49dca785655174 (diff) | |
[6.0.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive.
Backport of 62ab467686845e2a12a2580997a81d4bf61edfc6 from main.
| -rw-r--r-- | docs/releases/security.txt | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 93f4209154..acab6487a7 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,29 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +March 3, 2026 - :cve:`2026-25673` +--------------------------------- + +Potential denial-of-service vulnerability in ``URLField`` via Unicode +normalization on Windows. +`Full description +<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__ + +* Django 6.0 :commit:`(patch) <b1444d9acf43db9de96e0da2b4737ad56af0eb76>` +* Django 5.2 :commit:`(patch) <4d3c184686626d224d9a87451410ecf802b41f7c>` +* Django 4.2 :commit:`(patch) <b3e8ec8cc310489fe80174b14b11edb970d682ea>` + +March 3, 2026 - :cve:`2026-25674` +--------------------------------- + +Potential incorrect permissions on newly created file system objects. +`Full description +<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__ + +* Django 6.0 :commit:`(patch) <264d5c70ef3281a8869cb2ad45a3a52d5adbe790>` +* Django 5.2 :commit:`(patch) <b07ed2a1e445efde54fc64cb8c37e0f4f7fe53e5>` +* Django 4.2 :commit:`(patch) <54b50bf7d6dcbf02d4c01f853627cc9299d4934d>` + February 3, 2026 - :cve:`2025-13473` ------------------------------------ |
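Review bot: The summary added for CVE-2026-25674, "Potential incorrect permissions on newly created file system objects.", names no affected component, setting or platform, while the CVE-2026-25673 entry directly above it names ``URLField`` and the Windows condition. Consider naming the affected API or backend in that one-line summary so a reader scanning the archive can judge exposure without following the "Full description" link. Both entries link to the same weblog URL, so the summary line is the only text in this file that distinguishes the two issues.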
