diff options
Diffstat (limited to 'docs/releases/3.2.25.txt')
| -rw-r--r-- | docs/releases/3.2.25.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/releases/3.2.25.txt b/docs/releases/3.2.25.txt index aa81c720d5..a3a90986ff 100644 --- a/docs/releases/3.2.25.txt +++ b/docs/releases/3.2.25.txt @@ -7,6 +7,14 @@ Django 3.2.25 release notes Django 3.2.25 fixes a security issue with severity "moderate" and a regression in 3.2.24. +CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` +========================================================================================================= + +``django.utils.text.Truncator.words()`` method (with ``html=True``) and +:tfilter:`truncatewords_html` template filter were subject to a potential +regular expression denial-of-service attack using a suitably crafted string +(follow up to :cve:`2019-14232` and :cve:`2023-43665`). + Bugfixes ======== |