django/docs/releases/4.2.14.txt

===========================
Django 4.2.14 release notes
===========================

*July 9, 2024*

Django 4.2.14 fixes two security issues with severity "moderate" and two
security issues with severity "low" in 4.2.13.

CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================

:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via certain inputs with a very large number of
brackets.
Added stub release notes and release date for 5.0.7 and 4.2.14. 2024-07-03 19:09:34 +02:00			`===========================`
			`Django 4.2.14 release notes`
			`===========================`

			`July 9, 2024`

			`Django 4.2.14 fixes two security issues with severity "moderate" and two`
			`security issues with severity "low" in 4.2.13.`

Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2024-06-24 15:30:59 +02:00			CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
			`===========================================================================================`

			:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
			`denial-of-service attack via certain inputs with a very large number of`
			`brackets.`