author: Natalia <124304+nessita@users.noreply.github.com> 2024-09-03 11:19:02 -0300
committer: Natalia <124304+nessita@users.noreply.github.com> 2024-09-03 11:25:06 -0300
commit: 52116774549e27ac5d1ba9423e2fe61c5503a4a4
tree: 275218cb2c3d8a345265d46f5b0abe3095c55f32
parent: 8f6c36234deef30fad171f80d130eb7c296df526
[4.2.x] Added CVE-2024-45230 and CVE-2024-45231 to security archive.
Backport of aa5293068782dfa2d2173c75c8477f58a9989942 from main.
Diffstat (limited to 'docs/releases/security.txt')
-rw-r--r-- docs/releases/security.txt 22
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 5d2c3900f5..c99953a81b 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,28 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+September 3, 2024 - :cve:`2024-45231`
+-------------------------------------
+
+Potential user email enumeration via response status on password reset.
+`Full description
+<https://www.djangoproject.com/weblog/2024/sep/03/security-releases/>`__
+
+* Django 5.1 :commit:`(patch) <3c733c78d6f8e50296d6e248968b6516c92a53ca>`
+* Django 5.0 :commit:`(patch) <96d84047715ea1715b4bd1594e46122b8a77b9e2>`
+* Django 4.2 :commit:`(patch) <bf4888d317ba4506d091eeac6e8b4f1fcc731199>`
+
+September 3, 2024 - :cve:`2024-45230`
+-------------------------------------
+
+Potential denial-of-service vulnerability in ``django.utils.html.urlize()``.
+`Full description
+<https://www.djangoproject.com/weblog/2024/sep/03/security-releases/>`__
+
+* Django 5.1 :commit:`(patch) <022ab0a75c76ab2ea31dfcc5f2cf5501e378d397>`
+* Django 5.0 :commit:`(patch) <813de2672bd7361e9a453ab62cd6e52f96b6525b>`
+* Django 4.2 :commit:`(patch) <d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2>`
+
August 6, 2024 - :cve:`2024-42005`
----------------------------------
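Review bot: The CVE-2024-45231 summary in the first added entry says only "via response status on password reset" and names no affected component, while the CVE-2024-45230 entry right below it names ``django.utils.html.urlize()``. Naming the password reset form or view concerned, in the same double-backtick style, would let someone searching the archive by API find this entry without following the "Full description" link. A smaller point: the entries are added in descending CVE order (45231, then 45230) while the commit subject lists them ascending, so it is worth confirming the order matches how other same-day entries in this file are arranged.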