author Natalia <124304+nessita@users.noreply.github.com> 2026-03-03 11:03:22 -0300
committer Natalia <124304+nessita@users.noreply.github.com> 2026-03-03 11:07:21 -0300
commit 385678e529a6740a339d54a7a21ec623c826c22c
tree b58d3996f57a18a5301c588d7d53690f68e3f959 /docs
parent 69de8468834358cb92ce2971c356a64dab8709b8
[4.2.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive.
Backport of 62ab467686845e2a12a2580997a81d4bf61edfc6 from main.
Diffstat (limited to 'docs')
-rw-r--r-- docs/releases/security.txt 23
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 0d445669b5..24a1549007 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,29 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+March 3, 2026 - :cve:`2026-25673`
+---------------------------------
+
+Potential denial-of-service vulnerability in ``URLField`` via Unicode
+normalization on Windows.
+`Full description
+<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <b1444d9acf43db9de96e0da2b4737ad56af0eb76>`
+* Django 5.2 :commit:`(patch) <4d3c184686626d224d9a87451410ecf802b41f7c>`
+* Django 4.2 :commit:`(patch) <b3e8ec8cc310489fe80174b14b11edb970d682ea>`
+
+March 3, 2026 - :cve:`2026-25674`
+---------------------------------
+
+Potential incorrect permissions on newly created file system objects.
+`Full description
+<https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>`__
+
+* Django 6.0 :commit:`(patch) <264d5c70ef3281a8869cb2ad45a3a52d5adbe790>`
+* Django 5.2 :commit:`(patch) <b07ed2a1e445efde54fc64cb8c37e0f4f7fe53e5>`
+* Django 4.2 :commit:`(patch) <54b50bf7d6dcbf02d4c01f853627cc9299d4934d>`
+
February 3, 2026 - :cve:`2025-13473`
------------------------------------
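Review bot: The summary for CVE-2026-25674 ("Potential incorrect permissions on newly created file system objects.") names neither the affected component nor the conditions, while the CVE-2026-25673 entry directly above it names ``URLField`` and Windows. Someone scanning the archive to decide whether a deployment is exposed has to follow the link to find out, so consider carrying the component name from the linked release announcement into this one-line summary. Separately, both new entries share the March 3, 2026 date and are listed with the lower CVE number first in an archive that otherwise runs newest-first (the February 3, 2026 entry follows); confirm this matches how earlier same-day entries in the file are ordered.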