Diffstat (limited to 'docs/releases/4.0.2.txt')
| -rw-r--r-- | docs/releases/4.0.2.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/4.0.2.txt b/docs/releases/4.0.2.txt index d949d49dd6..05d235a4ff 100644 --- a/docs/releases/4.0.2.txt +++ b/docs/releases/4.0.2.txt @@ -18,6 +18,12 @@ In order to avoid this vulnerability, ``{% debug %}`` no longer outputs an information when the ``DEBUG`` setting is ``False``, and it ensures all context variables are correctly escaped when the ``DEBUG`` setting is ``True``. +CVE-2022-23833: Denial-of-service possibility in file uploads +============================================================= + +Passing certain inputs to multipart forms could result in an infinite loop when +parsing files. + Bugfixes ======== |
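Review bot: The new CVE-2022-23833 entry describes only the symptom ("could result in an infinite loop when parsing files") and stops there, while the ``{% debug %}`` entry directly above it closes with a sentence on how the behaviour changed ("In order to avoid this vulnerability, ..."). Consider ending the new section with a matching sentence on what the release changes in multipart parsing, so a reader triaging the advisory can tell that upgrading is the remedy and whether any behaviour differs afterwards. Separately, the unchanged context line above the addition reads "no longer outputs an information"; since this file is being touched anyway, that could be corrected to "any information" in the same or a follow-up commit.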
