Diffstat (limited to 'docs/releases/4.0.10.txt')
| -rw-r--r-- | docs/releases/4.0.10.txt | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/docs/releases/4.0.10.txt b/docs/releases/4.0.10.txt index b01f8c5b1b..4d076ab40e 100644 --- a/docs/releases/4.0.10.txt +++ b/docs/releases/4.0.10.txt @@ -6,4 +6,12 @@ Django 4.0.10 release notes Django 4.0.10 fixes a security issue with severity "moderate" in 4.0.9. -... +CVE-2023-24580: Potential denial-of-service vulnerability in file uploads +========================================================================= + +Passing certain inputs to multipart forms could result in too many open files +or memory exhaustion, and provided a potential vector for a denial-of-service +attack. + +The number of files parts parsed is now limited via the new +:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting. |
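Review bot: In the last added paragraph, "The number of files parts parsed" should read "The number of file parts parsed". The same paragraph names the new `DATA_UPLOAD_MAX_NUMBER_FILES` setting but says nothing about its default value or about what a request that exceeds the limit gets back. Someone upgrading from 4.0.9 with forms that accept many files per request needs both facts to judge whether the fix changes behaviour for them, so consider adding one sentence covering them here instead of leaving it entirely to the setting reference.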
