[4.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.

Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2025-10-16 16:28:33 -0400
committer: Natalia <124304+nessita@users.noreply.github.com> 2025-11-05 09:52:56 -0300
commit: 770eea38d7a0e9ba9455140b5a9a9e33618226a7 (patch)
tree: ad731e4465db6a4ee3f88c609612ce0aa473ea9a /django/utils/html.py
parent: 80976bd89e9e1fdfb98c4d902ca4dc59bd3d1d46 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index 84c37d1186..11ffd53eb5 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -9,12 +9,11 @@ from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsp
 from django.core.exceptions import SuspiciousOperation
 from django.utils.encoding import punycode
 from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text
-from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
+from django.utils.http import MAX_URL_LENGTH, RFC3986_GENDELIMS, RFC3986_SUBDELIMS
 from django.utils.regex_helper import _lazy_re_compile
 from django.utils.safestring import SafeData, SafeString, mark_safe
 from django.utils.text import normalize_newlines
 
-MAX_URL_LENGTH = 2048
 MAX_STRIP_TAGS_DEPTH = 50
 
 # HTML tag that opens but has no closing ">" after 1k+ chars.
author	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-16 16:28:33 -0400
committer	Natalia <124304+nessita@users.noreply.github.com>	2025-11-05 09:52:56 -0300
commit	770eea38d7a0e9ba9455140b5a9a9e33618226a7 (patch)
tree	ad731e4465db6a4ee3f88c609612ce0aa473ea9a /django/utils/html.py
parent	80976bd89e9e1fdfb98c4d902ca4dc59bd3d1d46 (diff)