4861974dcb
=========================== Django 3.2.18 release notes =========================== *February 14, 2023* Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17. CVE-2023-24580: Potential denial-of-service vulnerability in file uploads ========================================================================= Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. The number of files parts parsed is now limited via the new :setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting. =========================== Django 3.2.17 release notes =========================== *February 1, 2023* Django 3.2.17 fixes a security issue with severity "moderate" in 3.2.16. CVE-2023-23969: Potential denial-of-service via ``Accept-Language`` headers =========================================================================== The parsed values of ``Accept-Language`` headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if large header values are sent. In order to avoid this vulnerability, the ``Accept-Language`` header is now parsed up to a maximum length. |
||
|---|---|---|
| .. | ||
| ALTERNATIVES | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||