Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.

Thanks sw0rd1ight for the report.
author: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-02-25 09:40:54 +0100
committer: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-03-06 09:38:40 +0100
commit: 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b (patch)
tree: 525180b9fb582c8ad14e2c3c73c20c6075f15545 /docs/releases/5.1.7.txt
parent: 9a729fb61add16d89a4b42b491aec2d22f1ae69a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/5.1.7.txt b/docs/releases/5.1.7.txt
index 77e89d9c27..164bc08de2 100644
--- a/docs/releases/5.1.7.txt
+++ b/docs/releases/5.1.7.txt
@@ -7,6 +7,12 @@ Django 5.1.7 release notes
 Django 5.1.7 fixes a security issue with severity "moderate" and several bugs
 in 5.1.6.
 
+CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
+=========================================================================================
+
+The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
+potential denial-of-service attack when used with very long strings.
+
 Bugfixes
 ========
author	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-02-25 09:40:54 +0100
committer	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-03-06 09:38:40 +0100
commit	55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b (patch)
tree	525180b9fb582c8ad14e2c3c73c20c6075f15545 /docs/releases/5.1.7.txt
parent	9a729fb61add16d89a4b42b491aec2d22f1ae69a (diff)