test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
django/docs/releases/1.11.19.txt

19 lines
722 B
Plaintext
Raw Normal View History

Added stub release notes for security releases.
2019-02-07 22:46:53 +08:00
============================
Django 1.11.19 release notes
============================
*February 11, 2019*
Django 1.11.19 fixes a security issue in 1.11.18.
Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
2019-02-11 18:08:45 +08:00
CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
--------------------------------------------------------------------------
If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 13:07:23 +08:00
as the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates filters
-- received a ``Decimal`` with a large number of digits or a large exponent, it
could lead to significant memory usage due to a call to ``'{:f}'.format()``.
Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
2019-02-11 18:08:45 +08:00
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.