diff options
Diffstat (limited to 'docs/releases/2.2.27.txt')
| -rw-r--r-- | docs/releases/2.2.27.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/2.2.27.txt b/docs/releases/2.2.27.txt index b1712c649c..688a482575 100644 --- a/docs/releases/2.2.27.txt +++ b/docs/releases/2.2.27.txt @@ -15,3 +15,9 @@ posing an XSS attack vector. In order to avoid this vulnerability, ``{% debug %}`` no longer outputs an information when the ``DEBUG`` setting is ``False``, and it ensures all context variables are correctly escaped when the ``DEBUG`` setting is ``True``. + +CVE-2022-23833: Denial-of-service possibility in file uploads +============================================================= + +Passing certain inputs to multipart forms could result in an infinite loop when +parsing files. |