[3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().

Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-08-22 08:53:03 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-09-04 12:23:18 +0200
commit: 6f030b1149bd8fa4ba90452e77cb3edc095ce54e (patch)
tree: 17b06fe9cf59fcdd6f0f322eb0ab01a84eda4133 /docs/releases/3.2.21.txt
parent: 73350a63698199c9f1269647722ea96c7f9a8aa0 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/releases/3.2.21.txt b/docs/releases/3.2.21.txt
index 79efc679d1..062ac66682 100644
--- a/docs/releases/3.2.21.txt
+++ b/docs/releases/3.2.21.txt
@@ -6,4 +6,9 @@ Django 3.2.21 release notes
 
 Django 3.2.21 fixes a security issue with severity "moderate" in 3.2.20.
 
-...
+CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
+===================================================================================================
+
+``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+service attack via certain inputs with a very large number of Unicode
+characters.
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-08-22 08:53:03 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-09-04 12:23:18 +0200
commit	6f030b1149bd8fa4ba90452e77cb3edc095ce54e (patch)
tree	17b06fe9cf59fcdd6f0f322eb0ab01a84eda4133 /docs/releases/3.2.21.txt
parent	73350a63698199c9f1269647722ea96c7f9a8aa0 (diff)