[4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.

Thanks Seokchan Yoon for reports.
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-06-14 12:23:06 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-07-03 08:19:23 +0200
commit: b7c5feb35a31799de6e582ad6a5a91a9de74e0f9 (patch)
tree: e1f30c69b702a3e042b67fefffd93dba749a7808 /docs/releases/4.2.3.txt
parent: 1ea11365f61a78051e196e6123d5f987efa90df1 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/releases/4.2.3.txt b/docs/releases/4.2.3.txt
index 835de58116..c105849739 100644
--- a/docs/releases/4.2.3.txt
+++ b/docs/releases/4.2.3.txt
@@ -7,6 +7,13 @@ Django 4.2.3 release notes
 Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
 in 4.2.2.
 
+CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
+===================================================================================================================
+
+``EmailValidator`` and ``URLValidator`` were subject to potential regular
+expression denial of service attack via a very large number of domain name
+labels of emails and URLs.
+
 Bugfixes
 ========
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-06-14 12:23:06 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-07-03 08:19:23 +0200
commit	b7c5feb35a31799de6e582ad6a5a91a9de74e0f9 (patch)
tree	e1f30c69b702a3e042b67fefffd93dba749a7808 /docs/releases/4.2.3.txt
parent	1ea11365f61a78051e196e6123d5f987efa90df1 (diff)