mirror of
https://github.com/django/django.git
synced 2025-08-04 19:08:28 +00:00
ca2be7724e
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz Felisiak for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
26 lines
957 B
Text
26 lines
957 B
Text
==========================
|
|
Django 5.1.5 release notes
|
|
==========================
|
|
|
|
*January 14, 2025*
|
|
|
|
Django 5.1.5 fixes a security issue with severity "moderate" and one bug in
|
|
5.1.4.
|
|
|
|
CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
|
|
============================================================================
|
|
|
|
Lack of upper bound limit enforcement in strings passed when performing IPv6
|
|
validation could lead to a potential denial-of-service attack. The undocumented
|
|
and private functions ``clean_ipv6_address`` and ``is_valid_ipv6_address`` were
|
|
vulnerable, as was the :class:`django.forms.GenericIPAddressField` form field,
|
|
which has now been updated to define a ``max_length`` of 39 characters.
|
|
|
|
The :class:`django.db.models.GenericIPAddressField` model field was not
|
|
affected.
|
|
|
|
Bugfixes
|
|
========
|
|
|
|
* Fixed a crash when applying migrations with references to the removed
|
|
``Meta.index_together`` option (:ticket:`34856`).
|