mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-02-28 11:34:28 +00:00
Code Issues 32 Releases Wiki Activity
django/django
History
Mariusz Felisiak f663277a4c [4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to properly validate IPv6 and IPvFuture addresses. 
Refs Python CVE-2024-11168. Django should not affected, but others who
incorrectly use internal function _urlsplit() with unsanitized input
could be at risk.

https://github.com/python/cpython/pull/103849
2024-12-03 09:50:11 +01:00
..
apps
conf
[4.2.x] Fixed #34821 -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings from mutating the main STORAGES.
2023-09-11 13:04:55 +02:00
contrib
[4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
2024-09-03 09:42:25 -03:00
core
[4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
2024-07-09 10:40:48 -03:00
db
[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
2024-07-31 16:12:35 +02:00
dispatch
forms
[4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
2023-07-03 08:19:23 +02:00
http
[4.2.x] Refs #34482 -- Reverted "Fixed #32969 -- Fixed pickling HttpResponse and subclasses."
2023-04-12 18:53:29 +02:00
middleware
[4.2.x] Fixed #34515 -- Made LocaleMiddleware prefer language from paths when i18n patterns are used.
2023-05-02 06:33:23 +02:00
template
[4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
2024-07-31 16:11:59 +02:00
templatetags
Used more augmented assignment statements.
2022-10-31 12:30:13 +01:00
test
[4.2.x] Refs #34118 -- Fixed stacklevel in complex_setting_changed on Python 3.12.
2023-11-19 16:29:13 +01:00
urls
[4.2.x] Fixed #34515 -- Made LocaleMiddleware prefer language from paths when i18n patterns are used.
2023-05-02 06:33:23 +02:00
utils
[4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to properly validate IPv6 and IPvFuture addresses.
2024-12-03 09:50:11 +01:00
views
[4.2.x] Fixed #34588 -- Removed usage of nonexistent stylesheet in the 'Congrats' page.
2023-05-22 11:52:03 +02:00
__init__.py
[4.2.x] Post-release version bump.
2024-09-03 09:46:50 -03:00
__main__.py
shortcuts.py