Halaman utama Jelajahi Bantuan
Masuk
CityApper
/
django
cermin dari https://github.com/django/django
2
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 8124c42601
Ranting Tag
django
/
docs
/
releases
/
3.2.22.txt

3.2.22.txt 1.1 KB
Riwayat Mentahan

12345678910111213141516171819202122232425 
  1. ===========================
    2. 

  2. Django 3.2.22 release notes
    3. 

  3. ===========================
    4. 

  4. 

  5. *October 4, 2023*
    6. 

  6. 

  7. Django 3.2.22 fixes a security issue with severity "moderate" in 3.2.21.
    8. 

  8. 

  9. CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``
    10. 

  10. ================================================================================
    11. 

  11. 

  12. Following the fix for :cve:`2019-14232`, the regular expressions used in the
    13. 

  13. implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``
    14. 

  14. methods (with ``html=True``) were revised and improved. However, these regular
    15. 

  15. expressions still exhibited linear backtracking complexity, so when given a
    16. 

  16. very long, potentially malformed HTML input, the evaluation would still be
    17. 

  17. slow, leading to a potential denial of service vulnerability.
    18. 

  18. 

  19. The ``chars()`` and ``words()`` methods are used to implement the
    20. 

  20. :tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
    21. 

  21. filters, which were thus also vulnerable.
    22. 

  22. 

  23. The input processed by ``Truncator``, when operating in HTML mode, has been
    24. 

  24. limited to the first five million characters in order to avoid potential
    25. 

  25. performance and memory issues.
    26.