[5.0.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
author: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2024-08-12 15:17:57 +0200
committer: Natalia <124304+nessita@users.noreply.github.com> 2024-09-03 09:32:43 -0300
commit: 813de2672bd7361e9a453ab62cd6e52f96b6525b (patch)
tree: b96c53fc7b1a784288c5e0d05b0d232683f2c9a5 /docs/releases/5.0.9.txt
parent: 05495d4f5ec4aecc0077464c5b4f1d63e7df9aff (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/releases/5.0.9.txt b/docs/releases/5.0.9.txt
index eb3dbe832d..50e94ea3f2 100644
--- a/docs/releases/5.0.9.txt
+++ b/docs/releases/5.0.9.txt
@@ -7,4 +7,9 @@ Django 5.0.9 release notes
 Django 5.0.9 fixes one security issue with severity "moderate" and one security
 issue with severity "low" in 5.0.8.
 
-...
+CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
+===========================================================================================
+
+:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
+denial-of-service attack via very large inputs with a specific sequence of
+characters.
author	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2024-08-12 15:17:57 +0200
committer	Natalia <124304+nessita@users.noreply.github.com>	2024-09-03 09:32:43 -0300
commit	813de2672bd7361e9a453ab62cd6e52f96b6525b (patch)
tree	b96c53fc7b1a784288c5e0d05b0d232683f2c9a5 /docs/releases/5.0.9.txt
parent	05495d4f5ec4aecc0077464c5b4f1d63e7df9aff (diff)