diff options
| author | Adam Johnson <me@adamj.eu> | 2022-09-02 09:44:05 +0100 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2022-09-27 10:17:34 +0200 |
| commit | 5b6b257fa7ec37ff27965358800c67e2dd11c924 (patch) | |
| tree | d02c8e1249fcc8605d51595aea7e1ab1224a2ced /docs/releases | |
| parent | 33affaf0b67f0e88bd3d8226476ff2822c821366 (diff) | |
[3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/3.2.16.txt | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/releases/3.2.16.txt b/docs/releases/3.2.16.txt index 3769d0837c..da0a6c4ed4 100644 --- a/docs/releases/3.2.16.txt +++ b/docs/releases/3.2.16.txt @@ -6,4 +6,8 @@ Django 3.2.16 release notes Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15. -... +CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs +=================================================================================== + +Internationalized URLs were subject to potential denial of service attack via +the locale parameter. |