django-planet

Carlton Gibson & Mariusz Felisiak


Django security releases issued: 4.1.6, 4.0.9, and 3.2.17

Feb. 1, 2023 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 4.1.6, Django 4.0.9, and Django 3.2.17. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2023-23969: Potential denial-of-service via Accept-Language headers

The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if larg…
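The caching behaviour described above, as an added sketch that is not Django's code or part of the original post: a cache keyed on the raw header value, with and without a length cap applied before the value is stored. The parser, the `HeaderCache` class, `cap_length`, `MAX_ENTRIES` and the sample header are all hypothetical, and the length cap is an assumed mitigation, since the excerpt does not describe the fix.

```python
from collections import OrderedDict

MAX_ENTRIES = 1000  # assumed cache size for this sketch

def parse(header):
    """'da, en-gb;q=0.8' -> (('da', 1.0), ('en-gb', 0.8)); () if malformed."""
    result = []
    for piece in header.split(","):
        lang, _, param = piece.strip().partition(";")
        lang, q = lang.strip().lower(), 1.0
        if not lang:
            continue
        if param.strip():
            name, _, value = param.partition("=")
            try:
                q = float(value)
            except ValueError:
                return ()
            if name.strip() != "q" or not 0 <= q <= 1:
                return ()
        result.append((lang, q))
    # Stable sort: equal q-values keep the order the client sent.
    return tuple(sorted(result, key=lambda item: item[1], reverse=True))

class HeaderCache:
    """LRU cache keyed on the raw header; cap_length=None leaves keys unbounded."""
    def __init__(self, cap_length=None):
        self.cap_length = cap_length
        self.entries = OrderedDict()

    def get(self, header):
        if self.cap_length is not None and len(header) > self.cap_length:
            # Keep only the complete entries that fit under the cap.
            cut = header.rfind(",", 0, self.cap_length)
            header = header[:cut] if cut != -1 else ""
        if header in self.entries:
            self.entries.move_to_end(header)
            return self.entries[header]
        value = self.entries[header] = parse(header)
        if len(self.entries) > MAX_ENTRIES:
            self.entries.popitem(last=False)  # evict least recently used
        return value

    def key_chars(self):
        """Characters retained as cache keys (parsed values add more)."""
        return sum(len(key) for key in self.entries)

# Constructed oversized header for comparison: 2000 short made-up tags.
LONG_HEADER = ",".join(f"x{i}" for i in range(2000))
```

Limiting the number of entries alone bounds how many headers are remembered, not how large each remembered header is; the cap bounds the second factor.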
