Florian Apolloner
|
76ed1c49f8
|
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
|
Mariusz Felisiak
|
7deeabc7c7
|
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
|
2019-08-01 09:24:54 +02:00 |
|
Florian Apolloner
|
4b78420d25
|
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
|
Florian Apolloner
|
7f65974f82
|
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
|
2019-08-01 09:24:54 +02:00 |
|
Carlton Gibson
|
f13147c8de
|
Added stub release notes for security releases.
|
2019-07-25 10:49:30 +02:00 |
|