django-planet

Mariusz Felisiak


Django security releases issued: 5.0.3, 4.2.11, and 3.2.25

March 4, 2024 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 5.0.3, Django 4.2.11, and Django 3.2.25. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression de…


Django bugfix releases issued: 4.2.9 and 5.0.1

Jan. 2, 2024 » The Django weblog

Today we've issued 5.0.1 and 4.2.9 bugfix releases. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.


Django security releases issued: 4.2.7, 4.1.13, and 3.2.23

Nov. 1, 2023 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 4.2.7, Django 4.1.13, and Django 3.2.23. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows

The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField was subject to a potential denial of service attack via certain…


Django security releases issued: 4.2.5, 4.1.11, and 3.2.21

Sept. 4, 2023 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 4.2.5, Django 4.1.11, and Django 3.2.21. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()

django.utils.encoding.uri_to_iri() was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Th…


Django security releases issued: 4.2.3, 4.1.10, and 3.2.20

July 3, 2023 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 4.2.3, Django 4.1.10, and Django 3.2.20. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name l…


Django security releases issued: 4.2.1, 4.1.9, and 3.2.19

May 3, 2023 » The Django weblog

In accordance with our security release policy, the Django team is issuing Django 4.2.1, Django 4.1.9, and Django 3.2.19. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field

Uploading multiple files using one form field has never been supported by forms.FileField or forms.ImageField as only the last uploaded file was validate…


Django bugfix release: 4.1.8

April 5, 2023 » The Django weblog

Today we've issued the 4.1.8 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.


Django 4.2 released

April 3, 2023 » The Django weblog

The Django team is happy to announce the release of Django 4.2. This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years. It will also receive fixes for crashing bugs, major functionality bugs in newly-introduced features, and regressions from older versions of Django for the next eight months until December 2023. The release notes cover the farrago of new features in detail, but a few …


Django 4.2 release candidate 1 released

March 20, 2023 » The Django weblog

Django 4.2 release candidate 1 is the final opportunity for you to try out the farrago of new features before Django 4.2 is released. The release candidate stage marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, Django 4.2 will be released on or around April 3. Any delays will be communicated on the Django forum. Please use this opportunity to help find and fix bugs (which should be repo…


Django 4.2 beta 1 released

Feb. 20, 2023 » The Django weblog

Django 4.2 beta 1 is now available. It represents the second stage in the 4.2 release cycle and is an opportunity for you to try out the changes coming in Django 4.2. Django 4.2 has a farrago of new features which you can read about in the in-development 4.2 release notes. Only bugs in new features and regressions from earlier versions of Django will be fixed between now and 4.2 final (also, translations will be updated following the "string freeze" when the release candidate is issue…
