diff options
| author | Shai Berger <shai@platonix.com> | 2024-02-19 13:56:37 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2024-03-04 08:22:00 +0100 |
| commit | f6ad8c7676f85dfde5a279b6b1469251421289e2 (patch) | |
| tree | fab12a57619f5627f70093da3bfb84708984c6d6 /docs/releases | |
| parent | f5ed4306bbfd2e5543dd02cf5a22326a29253cdf (diff) | |
Refs CVE-2024-27351 -- Forwardported release notes and tests.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/3.2.25.txt | 8 | ||||
| -rw-r--r-- | docs/releases/4.2.11.txt | 8 | ||||
| -rw-r--r-- | docs/releases/5.0.3.txt | 8 |
3 files changed, 24 insertions, 0 deletions
diff --git a/docs/releases/3.2.25.txt b/docs/releases/3.2.25.txt index aa81c720d5..a3a90986ff 100644 --- a/docs/releases/3.2.25.txt +++ b/docs/releases/3.2.25.txt @@ -7,6 +7,14 @@ Django 3.2.25 release notes Django 3.2.25 fixes a security issue with severity "moderate" and a regression in 3.2.24. +CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` +========================================================================================================= + +``django.utils.text.Truncator.words()`` method (with ``html=True``) and +:tfilter:`truncatewords_html` template filter were subject to a potential +regular expression denial-of-service attack using a suitably crafted string +(follow up to :cve:`2019-14232` and :cve:`2023-43665`). + Bugfixes ======== diff --git a/docs/releases/4.2.11.txt b/docs/releases/4.2.11.txt index 82c691fcb7..c562e47866 100644 --- a/docs/releases/4.2.11.txt +++ b/docs/releases/4.2.11.txt @@ -7,6 +7,14 @@ Django 4.2.11 release notes Django 4.2.11 fixes a security issue with severity "moderate" and a regression in 4.2.10. +CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` +========================================================================================================= + +``django.utils.text.Truncator.words()`` method (with ``html=True``) and +:tfilter:`truncatewords_html` template filter were subject to a potential +regular expression denial-of-service attack using a suitably crafted string +(follow up to :cve:`2019-14232` and :cve:`2023-43665`). + Bugfixes ======== diff --git a/docs/releases/5.0.3.txt b/docs/releases/5.0.3.txt index 9db83d0135..bd3c6b5004 100644 --- a/docs/releases/5.0.3.txt +++ b/docs/releases/5.0.3.txt @@ -7,6 +7,14 @@ Django 5.0.3 release notes Django 5.0.3 fixes a security issue with severity "moderate" and several bugs in 5.0.2. +CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` +========================================================================================================= + +``django.utils.text.Truncator.words()`` method (with ``html=True``) and +:tfilter:`truncatewords_html` template filter were subject to a potential +regular expression denial-of-service attack using a suitably crafted string +(follow up to :cve:`2019-14232` and :cve:`2023-43665`). + Bugfixes ======== |