[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
author: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2024-08-12 15:17:57 +0200
committer: Natalia <124304+nessita@users.noreply.github.com> 2024-09-03 09:24:13 -0300
commit: 022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch)
tree: fb463682e3ab90de998b49e4b6fdc22b53438e0a /docs/releases/4.2.16.txt
parent: 62039659603ca0fa2df796d1732c4b414549c52b (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/releases/4.2.16.txt b/docs/releases/4.2.16.txt
index 9853004386..2a84186867 100644
--- a/docs/releases/4.2.16.txt
+++ b/docs/releases/4.2.16.txt
@@ -7,4 +7,9 @@ Django 4.2.16 release notes
 Django 4.2.16 fixes one security issue with severity "moderate" and one
 security issue with severity "low" in 4.2.15.
 
-...
+CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
+===========================================================================================
+
+:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
+denial-of-service attack via very large inputs with a specific sequence of
+characters.
author	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2024-08-12 15:17:57 +0200
committer	Natalia <124304+nessita@users.noreply.github.com>	2024-09-03 09:24:13 -0300
commit	022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch)
tree	fb463682e3ab90de998b49e4b6fdc22b53438e0a /docs/releases/4.2.16.txt
parent	62039659603ca0fa2df796d1732c4b414549c52b (diff)