blob: 46c0feb51e42ebe641b5e0430e7216748806e8b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
===========================
Django 3.2.18 release notes
===========================
*February 14, 2023*
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
|
