Florian Apolloner | cf694e6852 | 2019-07-29 11:06:54 +02:00
[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.

Mariusz Felisiak | 4f5b58f5cd | 2019-07-29 11:06:54 +02:00
[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.

Florian Apolloner | e34f3c0e9e | 2019-07-29 11:06:54 +02:00
[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.

Florian Apolloner | c3289717c6 | 2019-07-29 11:00:01 +02:00
[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.

Carlton Gibson | ea57c8a345 | 2019-07-25 10:50:18 +02:00
[2.2.x] Added stub release notes for security releases.
Backport of f13147c8de from master