February 14, 2023
Django 4.1.7 fixes a security issue with severity "moderate" and a bug in 4.1.6.
Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
The number of files parts parsed is now limited via the new
DATA_UPLOAD_MAX_NUMBER_FILES
setting.
Fixed a bug in Django 4.1 that caused a crash of model validation on
ValidationError
with no code
(#34319).
Jan 15, 2024