mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-25 16:09:27 +01:00
Code Issues Releases Wiki Activity
8618271caa
django/docs/releases/1.8.19.txt
Tim Graham 8618271caa Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. 
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00

19 lines
731 B
Plaintext
Raw Blame History

===========================
Django 1.8.19 release notes
===========================
*March 6, 2018*
Django 1.8.19 fixes two security issues in 1.18.18.
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters
===============================================================================================
The ``django.utils.html.urlize()`` function was extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``urlize()`` function is used to implement the ``urlize`` and
``urlizetrunc`` template filters, which were thus vulnerable.
The problematic regular expression is replaced with parsing logic that behaves
similarly.
View Git Blame Copy Permalink