django/docs/releases/4.1.7.txt

==========================
Django 4.1.7 release notes
==========================

*February 14, 2023*

Django 4.1.7 fixes a security issue with severity "moderate" and a bug in
4.1.6.

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================

Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.

The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused a crash of model validation on
  ``ValidationError`` with no ``code`` (:ticket:`34319`).