path: root/docs/releases/5.2.3.txt
author: Jake Howard <git@theorangeone.net> 2025-06-04 16:08:46 +0100
committer: nessita <124304+nessita@users.noreply.github.com> 2025-06-06 09:05:32 -0300
commit: 957951755259b412d5113333b32bf85871d29814
tree: 47e0bdc27498569f40c41d167d5b16b96c37f933 /docs/releases/5.2.3.txt
parent: ff835f439cb1ecd8d74a24de12e3c03e5477dc9d
Refs CVE-2025-48432 -- Prevented log injection in remaining response logging.
Migrated remaining response-related logging to use the `log_response()` helper to avoid potential log injection, to ensure untrusted values like request paths are safely escaped.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'docs/releases/5.2.3.txt')
-rw-r--r-- docs/releases/5.2.3.txt | 6
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/releases/5.2.3.txt b/docs/releases/5.2.3.txt
index fa0b4163c0..5aaa7fd2dd 100644
--- a/docs/releases/5.2.3.txt
+++ b/docs/releases/5.2.3.txt
@@ -2,7 +2,7 @@
Django 5.2.3 release notes
==========================
-*Expected July 2, 2025*
+*June 10, 2025*
Django 5.2.3 fixes several bugs in 5.2.2. Also, the latest string translations
from Transifex are incorporated.
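Review bot: the date line drops the "Expected" qualifier and moves the release from July 2 to June 10, 2025; since this is the release that ships the CVE-2025-48432 follow-up fix, the June 10 date should match the date used in the corresponding security advisory and in the 5.2.3 entry of the release index, so verify both before tagging.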
@@ -10,4 +10,6 @@ from Transifex are incorporated.
Bugfixes
========
-* ...
+* Fixed a log injection possibility by migrating remaining response logging
+ to ``django.utils.log.log_response()``, which safely escapes arguments such
+ as the request path to prevent unsafe log output (:cve:`2025-48432`).
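Review bot: the new bullet says "remaining response logging", which presupposes the reader knows about the earlier, partial CVE-2025-48432 fix this commit completes (the commit message itself is only "Refs" the CVE). Consider stating that relationship in the note, e.g. "completing the fix for :cve:`2025-48432`", or linking to the security release note that introduced ``log_response()`` as the escaping point, so readers of the 5.2.3 notes can tell which logging paths were still unescaped before this release.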