[Security] Bump django from 4.2.10 to 4.2.11
Bumps django from 4.2.10 to 4.2.11. This update includes a security fix.
Vulnerabilities fixed
Regular expression denial-of-service in Django
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Patched versions: 4.2.11
Affected versions: >= 4.2, < 4.2.11
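The advisory above gives three affected series and the first patched release of each (3.2.25, 4.2.11, 5.0.3). The following is an added example, not Django's or Dependabot's code, of a small version gate a team can drop into CI or an audit script to confirm the installed Django is outside every affected range; the function names and the series table are this example's own, built only from the ranges quoted in the advisory text.

```python
# Version gate for CVE-2024-27351 (ReDoS in django.utils.text.Truncator.words).
# Added example; not Django's or Dependabot's code. The affected/patched ranges
# below are copied from the advisory text: 3.2 before 3.2.25, 4.2 before 4.2.11,
# 5.0 before 5.0.3. Function and table names are this example's own.
import re
from typing import Optional, Tuple

# Affected series -> first release in that series that carries the fix.
PATCHED_BY_SERIES = {
    (3, 2): (3, 2, 25),
    (4, 2): (4, 2, 11),
    (5, 0): (5, 0, 3),
}

# Accept "X.Y" or "X.Y.Z"; anything after the numeric part (e.g. "rc1") is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse a Django version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Django version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable_to_cve_2024_27351(version: str) -> Optional[bool]:
    """Return True if `version` falls in an affected range, False if it is at or
    past the patched release for its series, and None if the series is not
    listed in the advisory at all (e.g. 4.1.x, which the advisory does not cover)."""
    v = parse_version(version)
    first_patched = PATCHED_BY_SERIES.get((v[0], v[1]))
    if first_patched is None:
        return None
    return v < first_patched


def check_installed_django() -> Optional[bool]:
    """Gate the Django that is actually importable in this environment.
    Returns None when Django is not installed here."""
    try:
        import django
    except ImportError:
        return None
    return is_vulnerable_to_cve_2024_27351(django.get_version())


if __name__ == "__main__":
    for sample in ("4.2.10", "4.2.11", "3.2.24", "5.0.3", "4.1.13"):
        print(sample, "->", is_vulnerable_to_cve_2024_27351(sample))
    print("installed:", check_installed_django())
```

A `None` result is deliberately distinct from `False`: a series the advisory does not mention (such as the unsupported 4.1.x line) is not proven safe, so a CI job should treat `None` as "needs a human look" rather than as a pass.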
Commits
- 61a986f [4.2.x] Bumped version for 4.2.11 release.
- 3c9a277 [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
- 7973951 [4.2.x] Added release date for 4.2.11 and 3.2.25.
- 86d8034 [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unle...
- cb173bb [4.2.x] Fixed #35172 -- Fixed intcomma for string floats.
- 227ef29 [4.2.x] Added CVE-2024-24680 to security archive.
- e2f1907 [4.2.x] Post release version bump.
See full diff in compare view