mirror of
https://github.com/django/django.git
synced 2025-03-13 10:50:55 +00:00
3cfa472644
Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
==========================
|
|
Django 5.1.7 release notes
|
|
==========================
|
|
|
|
*March 6, 2025*
|
|
|
|
Django 5.1.7 fixes a security issue with severity "moderate" and several bugs
|
|
in 5.1.6.
|
|
|
|
CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
|
|
=========================================================================================
|
|
|
|
The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
|
|
potential denial-of-service attack when used with very long strings.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a bug in Django 5.1 where the ``{% querystring %}`` template tag
|
|
returned an empty string rather than ``"?"`` when all parameters had been
|
|
removed from the query string (:ticket:`36182`).
|
|
|
|
* Fixed a bug in Django 5.1 where ``FileSystemStorage``, with
|
|
``allow_overwrite`` set to ``True``, did not truncate the overwritten file
|
|
content (:ticket:`36191`).
|
|
|
|
* Fixed a regression in Django 5.1 where the ``count`` and ``exists`` methods
|
|
of ``ManyToManyField`` related managers would always return ``0`` and
|
|
``False`` when the intermediary model back references used ``to_field``
|
|
(:ticket:`36197`).
|
|
|
|
* Fixed a regression in Django 5.1 where the ``pre_save`` and ``post_save``
|
|
signals for ``LogEntry`` were not sent when deleting a single object in the
|
|
admin (:ticket:`36217`).
|