summaryrefslogtreecommitdiff
path: root/docs/releases
diff options
context:
space:
mode:
Diffstat (limited to 'docs/releases')
-rw-r--r--docs/releases/3.2.20.txt7
-rw-r--r--docs/releases/4.1.10.txt7
-rw-r--r--docs/releases/4.2.3.txt7
3 files changed, 19 insertions, 2 deletions
diff --git a/docs/releases/3.2.20.txt b/docs/releases/3.2.20.txt
index e4ef914394..c8f60a70e2 100644
--- a/docs/releases/3.2.20.txt
+++ b/docs/releases/3.2.20.txt
@@ -6,4 +6,9 @@ Django 3.2.20 release notes
Django 3.2.20 fixes a security issue with severity "moderate" in 3.2.19.
-...
+CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
+===================================================================================================================
+
+``EmailValidator`` and ``URLValidator`` were subject to potential regular
+expression denial of service attack via a very large number of domain name
+labels of emails and URLs.
diff --git a/docs/releases/4.1.10.txt b/docs/releases/4.1.10.txt
index 8aaa9723c8..06c99d0e34 100644
--- a/docs/releases/4.1.10.txt
+++ b/docs/releases/4.1.10.txt
@@ -6,4 +6,9 @@ Django 4.1.10 release notes
Django 4.1.10 fixes a security issue with severity "moderate" in 4.1.9.
-...
+CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
+===================================================================================================================
+
+``EmailValidator`` and ``URLValidator`` were subject to potential regular
+expression denial of service attack via a very large number of domain name
+labels of emails and URLs.
diff --git a/docs/releases/4.2.3.txt b/docs/releases/4.2.3.txt
index 835de58116..c105849739 100644
--- a/docs/releases/4.2.3.txt
+++ b/docs/releases/4.2.3.txt
@@ -7,6 +7,13 @@ Django 4.2.3 release notes
Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
in 4.2.2.
+CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
+===================================================================================================================
+
+``EmailValidator`` and ``URLValidator`` were subject to potential regular
+expression denial of service attack via a very large number of domain name
+labels of emails and URLs.
+
Bugfixes
========
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 07:20:41 +0000