blob: 230bfed652e0d3754d60c2f87538968b14b227d4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
===========================
Django 5.0.14 release notes
===========================
*April 2, 2025*
Django 5.0.14 fixes a security issue with severity "moderate" in 5.0.13.
CVE-2025-27556: Potential denial-of-service vulnerability in ``LoginView``, ``LogoutView``, and ``set_language()`` on Windows
=============================================================================================================================
Python's :func:`NFKC normalization <python:unicodedata.normalize>` is slow on
Windows. As a consequence, :class:`~django.contrib.auth.views.LoginView`,
:class:`~django.contrib.auth.views.LogoutView`, and
:func:`~django.views.i18n.set_language` were subject to a potential
denial-of-service attack via certain inputs with a very large number of Unicode
characters.
|
