diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:24:13 -0300 |
| commit | 022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch) | |
| tree | fb463682e3ab90de998b49e4b6fdc22b53438e0a /docs/releases | |
| parent | 62039659603ca0fa2df796d1732c4b414549c52b (diff) | |
[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/4.2.16.txt | 7 | ||||
| -rw-r--r-- | docs/releases/5.0.9.txt | 7 | ||||
| -rw-r--r-- | docs/releases/5.1.1.txt | 7 |
3 files changed, 19 insertions, 2 deletions
diff --git a/docs/releases/4.2.16.txt b/docs/releases/4.2.16.txt index 9853004386..2a84186867 100644 --- a/docs/releases/4.2.16.txt +++ b/docs/releases/4.2.16.txt @@ -7,4 +7,9 @@ Django 4.2.16 release notes Django 4.2.16 fixes one security issue with severity "moderate" and one security issue with severity "low" in 4.2.15. -... +CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` +=========================================================================================== + +:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential +denial-of-service attack via very large inputs with a specific sequence of +characters. diff --git a/docs/releases/5.0.9.txt b/docs/releases/5.0.9.txt index eb3dbe832d..50e94ea3f2 100644 --- a/docs/releases/5.0.9.txt +++ b/docs/releases/5.0.9.txt @@ -7,4 +7,9 @@ Django 5.0.9 release notes Django 5.0.9 fixes one security issue with severity "moderate" and one security issue with severity "low" in 5.0.8. -... +CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` +=========================================================================================== + +:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential +denial-of-service attack via very large inputs with a specific sequence of +characters. diff --git a/docs/releases/5.1.1.txt b/docs/releases/5.1.1.txt index 743f2753a8..dd24929100 100644 --- a/docs/releases/5.1.1.txt +++ b/docs/releases/5.1.1.txt @@ -7,6 +7,13 @@ Django 5.1.1 release notes Django 5.1.1 fixes one security issue with severity "moderate", one security issue with severity "low", and several bugs in 5.1. +CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` +=========================================================================================== + +:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential +denial-of-service attack via very large inputs with a specific sequence of +characters. + Bugfixes ======== |