Django 6.0.dev20250303103700 documentation

Home | Table of contents | Index | Modules

« previous | up | next »

Django 4.2.11 release notes¶

March 4, 2024

Django 4.2.11 fixes a security issue with severity “moderate” and a regression in 4.2.10.

CVE-2024-27351: Potential regular expression denial-of-service in `django.utils.text.Truncator.words()`¶

django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE 2019-14232 and CVE 2023-43665).

Bugfixes¶

Fixed a regression in Django 4.2.10 where intcomma template filter could return a leading comma for string representation of floats (#35172).

« previous | up | next »

Django 6.0.dev20250303103700 documentation

Django 4.2.11 release notes¶

CVE-2024-27351: Potential regular expression denial-of-service in `django.utils.text.Truncator.words()`¶

Bugfixes¶

Table of Contents

Previous topic

Next topic

This Page

Last update:

Django 6.0.dev20250303103700 documentation

Django 4.2.11 release notes¶

CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()¶

Bugfixes¶

Last update:

CVE-2024-27351: Potential regular expression denial-of-service in `django.utils.text.Truncator.words()`¶