===========================
Django 3.2.25 release notes
===========================

*March 4, 2024*

Django 3.2.25 fixes a security issue with severity "moderate" and a regression
in 3.2.24.

CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()``
=========================================================================================================

The ``django.utils.text.Truncator.words()`` method (with ``html=True``) and
the :tfilter:`truncatewords_html` template filter were subject to a potential
regular expression denial-of-service attack using a suitably crafted string
(follow up to :cve:`2019-14232` and :cve:`2023-43665`).
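
To find deployments that still need this release, the following added example (not part of Django or of the original release notes) audits requirements-style lines for exact Django 3.2.x pins below 3.2.25. The function name ``audit_pins`` and the sample input are assumptions made for illustration; version ranges, extras and other release series are not evaluated.

```python
import re

FIXED = (3, 2, 25)      # release described on this page
REGRESSED = (3, 2, 24)  # release that introduced the intcomma regression

# Exact pins only, e.g. "Django==3.2.18" or "django == 3.2.24  # comment".
PIN = re.compile(
    r"^\s*django\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:#.*)?$", re.IGNORECASE
)


def audit_pins(lines):
    """Return (line_no, version, findings) for Django 3.2.x pins below 3.2.25."""
    results = []
    for no, line in enumerate(lines, start=1):
        m = PIN.match(line)
        if not m:
            continue  # other packages, version ranges, comments
        version = (int(m[1]), int(m[2]), int(m[3] or 0))
        if version[:2] != FIXED[:2] or version >= FIXED:
            continue  # only the 3.2 series is covered by these notes
        findings = ["CVE-2024-27351 fix missing"]
        if version == REGRESSED:
            findings.append("intcomma regression (ticket 35172)")
        results.append((no, ".".join(map(str, version)), findings))
    return results


# Constructed sample input, not taken from any real project.
SAMPLE = [
    "# requirements.txt",
    "Django==3.2.24",
    "django == 3.2.18  # legacy service",
    "Django==3.2.25",
    "Django==3.2",
    "djangorestframework==3.14.0",
    "Django>=3.2,<3.3",
]

if __name__ == "__main__":
    for no, version, findings in audit_pins(SAMPLE):
        print(f"line {no}: Django {version}: {'; '.join(findings)}")
```
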

Bugfixes
========

* Fixed a regression in Django 3.2.24 where ``intcomma`` template filter could
  return a leading comma for string representation of floats (:ticket:`35172`).