diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/4.2.26.txt | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/docs/releases/4.2.26.txt b/docs/releases/4.2.26.txt index e0db257c04..ae274c3361 100644 --- a/docs/releases/4.2.26.txt +++ b/docs/releases/4.2.26.txt @@ -7,4 +7,12 @@ Django 4.2.26 release notes Django 4.2.26 fixes one security issue with severity "high" and one security issue with severity "moderate" in 4.2.25. -... +CVE-2025-64458: Potential denial-of-service vulnerability in ``HttpResponseRedirect`` and ``HttpResponsePermanentRedirect`` on Windows +====================================================================================================================================== + +Python's :func:`NFKC normalization <python:unicodedata.normalize>` is slow on +Windows. As a consequence, :class:`~django.http.HttpResponseRedirect`, +:class:`~django.http.HttpResponsePermanentRedirect`, and the shortcut +:func:`redirect() <django.shortcuts.redirect>` were subject to a potential +denial-of-service attack via certain inputs with a very large number of Unicode +characters (follow up to :cve:`2025-27556`). |