author: Jake Howard <git@theorangeone.net> 2025-06-04 16:08:46 +0100
committer: Natalia <124304+nessita@users.noreply.github.com> 2025-06-06 09:24:47 -0300
commit: b597d46bb19c8567615e62029210dab16c70db7d (patch)
tree: ee6258e5a9872817e1f46d6b2fb725b0058086d6 /docs
parent: 10ba3f78da2e22bd232dc085e2a8a7c293c3fb73 (diff)
[4.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response logging.

Migrated remaining response-related logging to use the `log_response()` helper to avoid potential log injection, to ensure untrusted values like request paths are safely escaped.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 957951755259b412d5113333b32bf85871d29814 from main.
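The commit message states the hazard in one sentence; the following is an added illustration (my own, not Django's code: the `escape_for_log` helper, the logger setup and the sample path are all constructed) of why an unescaped request path lets one request produce what a line-oriented log consumer reads as two records, and how escaping control characters before formatting keeps it to one:

```python
import logging
import re
from io import StringIO

# Constructed sample: a request path carrying a line feed so that naive
# "%s" interpolation emits a second, forged-looking log record.
CONSTRUCTED_PATH = "/missing\nINFO forged record"


def escape_for_log(value: str) -> str:
    """Hypothetical helper (not Django's log_response()): render control
    characters as escape sequences so an untrusted value can never start
    a new log line."""
    return value.encode("unicode_escape").decode("ascii")


def _make_logger(name: str):
    """Fresh logger writing to an in-memory buffer so output can be inspected."""
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.WARNING)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf


def log_naive(path: str) -> str:
    """'Before': the raw path is interpolated into the message."""
    logger, buf = _make_logger("example.naive")
    logger.warning("Not Found: %s", path)
    return buf.getvalue()


def log_escaped(path: str) -> str:
    """'After': the path is escaped before it reaches the formatter."""
    logger, buf = _make_logger("example.escaped")
    logger.warning("Not Found: %s", escape_for_log(path))
    return buf.getvalue()


def count_records(output: str) -> int:
    """Count what a line-oriented log parser would treat as records
    (lines starting with an upper-case level name)."""
    return len([ln for ln in output.splitlines() if re.match(r"^[A-Z]+ ", ln)])
```

Running both on the constructed path shows the naive variant yields two parseable records and the escaped variant one, with the line feed preserved as a literal `\n` for the analyst.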
Diffstat (limited to 'docs')
-rw-r--r--  docs/releases/4.2.23.txt  14
-rw-r--r--  docs/releases/index.txt   1
2 files changed, 15 insertions, 0 deletions
diff --git a/docs/releases/4.2.23.txt b/docs/releases/4.2.23.txt
new file mode 100644
index 0000000000..e4232f9bea
--- /dev/null
+++ b/docs/releases/4.2.23.txt
@@ -0,0 +1,14 @@
+===========================
+Django 4.2.23 release notes
+===========================
+
+*June 10, 2025*
+
+Django 4.2.23 fixes a potential log injection issue in 4.2.22.
+
+Bugfixes
+========
+
+* Fixed a log injection possibility by migrating remaining response logging
+ to ``django.utils.log.log_response()``, which safely escapes arguments such
+ as the request path to prevent unsafe log output (:cve:`2025-48432`).
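Review bot: the bullet starting `+* Fixed a log injection possibility by migrating remaining response logging` names the helper but not which response logging paths were migrated, so a reader cannot tell from the note which requests could previously have produced unescaped log output; since the commit message only says "remaining response-related logging", consider naming the affected modules or logger names in the bullet so operators can judge whether their log pipelines may have ingested injected lines before upgrading.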
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index a903812edd..73195b535e 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -26,6 +26,7 @@ versions of the documentation contain the release notes for any later releases.
.. toctree::
:maxdepth: 1
+ 4.2.23
4.2.22
4.2.21
4.2.20