2023-02-01 20:18:34 +08:00
|
|
|
==========================
|
|
|
|
Django 4.1.7 release notes
|
|
|
|
==========================
|
|
|
|
|
2023-02-02 18:54:09 +08:00
|
|
|
*February 14, 2023*
|
2023-02-01 20:18:34 +08:00
|
|
|
|
2022-12-13 17:27:39 +08:00
|
|
|
Django 4.1.7 fixes a security issue with severity "moderate" and a bug in
|
|
|
|
4.1.6.
|
2023-02-02 18:54:09 +08:00
|
|
|
|
2022-12-13 17:27:39 +08:00
|
|
|
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
|
|
|
|
=========================================================================
|
|
|
|
|
|
|
|
Passing certain inputs to multipart forms could result in too many open files
|
|
|
|
or memory exhaustion, and provided a potential vector for a denial-of-service
|
|
|
|
attack.
|
|
|
|
|
|
|
|
The number of files parts parsed is now limited via the new
|
|
|
|
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
|
2023-02-01 20:18:34 +08:00
|
|
|
|
|
|
|
Bugfixes
|
|
|
|
========
|
|
|
|
|
2023-02-08 23:38:55 +08:00
|
|
|
* Fixed a bug in Django 4.1 that caused a crash of model validation on
|
|
|
|
``ValidationError`` with no ``code`` (:ticket:`34319`).
|