首頁 探索 說明
登入
CityApper
/
django
镜像来自 https://github.com/django/django
2
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 96d8404771
分支列表 標籤列表
django
/
docs
/
releases
/
5.0.9.txt

5.0.9.txt 1.1 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526 
  1. ===========================
    2. 

  2. Django 5.0.9 release notes
    3. 

  3. ===========================
    4. 

  4. 

  5. *September 3, 2024*
    6. 

  6. 

  7. Django 5.0.9 fixes one security issue with severity "moderate" and one security
    8. 

  8. issue with severity "low" in 5.0.8.
    9. 

  9. 

  10. CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
    11. 

  11. ===========================================================================================
    12. 

  12. 

  13. :tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
    14. 

  14. denial-of-service attack via very large inputs with a specific sequence of
    15. 

  15. characters.
    16. 

  16. 

  17. CVE-2024-45231: Potential user email enumeration via response status on password reset
    18. 

  18. ======================================================================================
    19. 

  19. 

  20. Due to unhandled email sending failures, the
    21. 

  21. :class:`~django.contrib.auth.forms.PasswordResetForm` class allowed remote
    22. 

  22. attackers to enumerate user emails by issuing password reset requests and
    23. 

  23. observing the outcomes.
    24. 

  24. 

  25. To mitigate this risk, exceptions occurring during password reset email sending
    26. 

  26. are now handled and logged using the :ref:`django-contrib-auth-logger` logger.
    27.