310d70cb08
Fixes the following security issues: CVE-2024-53907: Potential denial-of-service in django.utils.html.strip_tags() The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle is subject to SQL injection if untrusted data is used as a lhs value. Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected. https://www.djangoproject.com/weblog/2024/dec/04/security-releases/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| python-django.hash | ||
| python-django.mk | ||