Diffstat (limited to 'docs/releases')
-rw-r--r-- docs/releases/3.2.18.txt 10
1 files changed, 9 insertions, 1 deletions
diff --git a/docs/releases/3.2.18.txt b/docs/releases/3.2.18.txt
index 431d04c989..46c0feb51e 100644
--- a/docs/releases/3.2.18.txt
+++ b/docs/releases/3.2.18.txt
@@ -6,4 +6,12 @@ Django 3.2.18 release notes
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
-...
+CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
+=========================================================================
+
+Passing certain inputs to multipart forms could result in too many open files
+or memory exhaustion, and provided a potential vector for a denial-of-service
+attack.
+
+The number of files parts parsed is now limited via the new
+:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
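Review bot: In the last added paragraph, "The number of files parts parsed" reads as a typo; "The number of file parts parsed" would be clearer. The note also names the new :setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting without saying what its default is or what happens to a request that exceeds it, so a reader upgrading from 3.2.17 cannot tell from this entry alone whether legitimate multi-file upload forms might start being rejected. Consider adding one sentence stating the default and the behaviour on exceeding the limit, or pointing explicitly to the setting's reference entry for both.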