File: 5.0.11.txt

package info (click to toggle)
python-django 3%3A5.2.5-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 61,236 kB
  • sloc: python: 361,585; javascript: 19,250; xml: 211; makefile: 182; sh: 28
file content (19 lines) | stat: -rw-r--r-- 806 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
===========================
Django 5.0.11 release notes
===========================

*January 14, 2025*

Django 5.0.11 fixes a security issue with severity "moderate" in 5.0.10.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
============================================================================

Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack. The undocumented
and private functions ``clean_ipv6_address`` and ``is_valid_ipv6_address`` were
vulnerable, as was the  :class:`django.forms.GenericIPAddressField` form field,
which has now been updated to define a ``max_length`` of 39 characters.

The :class:`django.db.models.GenericIPAddressField` model field was not
affected.