django/docs/releases/5.0.13.txt

===========================
Django 5.0.13 release notes
===========================

*March 6, 2025*

Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12.

CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
=========================================================================================

The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
potential denial-of-service attack when used with very long strings.
[5.2.x] Added stub release notes and release date for 5.1.7, 5.0.13, and 4.2.20. Backport of ea1e3703bee28bfbe4f32ceb39ad31763353b143 from main. 2025-02-27 16:03:26 +01:00			`===========================`
			`Django 5.0.13 release notes`
			`===========================`

			`March 6, 2025`

			`Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12.`
[5.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main. 2025-02-25 09:40:54 +01:00
			CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
			`=========================================================================================`

			The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
			`potential denial-of-service attack when used with very long strings.`