[4.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter.

Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
author: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-02-25 09:40:54 +0100
committer: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-03-06 10:01:44 +0100
commit: e88f7376fe68dbf4ebaf11fad1513ce700b45860 (patch)
tree: 1aa1a23e92b654c00d65679c555a36508393cc50 /docs
parent: 348e46a3e0cd80718d237a3b6d96a1c84bff317d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/4.2.20.txt b/docs/releases/4.2.20.txt
index c71fa05f43..5849fe2a42 100644
--- a/docs/releases/4.2.20.txt
+++ b/docs/releases/4.2.20.txt
@@ -5,3 +5,9 @@ Django 4.2.20 release notes
 *March 6, 2025*
 
 Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19.
+
+CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
+=========================================================================================
+
+The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
+potential denial-of-service attack when used with very long strings.
author	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-02-25 09:40:54 +0100
committer	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-03-06 10:01:44 +0100
commit	e88f7376fe68dbf4ebaf11fad1513ce700b45860 (patch)
tree	1aa1a23e92b654c00d65679c555a36508393cc50 /docs
parent	348e46a3e0cd80718d237a3b6d96a1c84bff317d (diff)