Natalia
|
1062bf7302
|
Made cosmetic edits to 5.0.7 release notes.
|
2024-07-09 09:36:54 -03:00 |
|
Sarah Boyce
|
9e9792228a
|
Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
|
2024-07-09 09:21:19 -03:00 |
|
Natalia
|
fe4a0bbe20
|
Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
|
2024-07-09 09:21:19 -03:00 |
|
Michael Manfre
|
5d86458579
|
Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
|
2024-07-09 09:21:19 -03:00 |
|
Adam Johnson
|
d666457453
|
Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
2024-07-09 09:21:19 -03:00 |
|
Mark Gensler
|
1005c2abd1
|
Fixed #35560 -- Made Model.full_clean() ignore GeneratedFields for constraints.
Accessing generated field values on unsaved models caused a crash when
validating CheckConstraints and UniqueConstraints with expressions.
|
2024-07-04 11:45:15 +02:00 |
|
Natalia
|
89557d4c66
|
Added stub release notes and release date for 5.0.7 and 4.2.14.
|
2024-07-03 14:09:34 -03:00 |
|
Natalia
|
adae619426
|
Updated release date for Django 5.0.7.
|
2024-05-31 10:45:30 -03:00 |
|
Natalia
|
b79ac89c57
|
Added stub release notes for 5.0.7.
|
2024-05-07 15:06:02 -03:00 |
|