Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.2.15
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.2.16
Choose a head ref
  • 7 commits
  • 13 files changed
  • 2 contributors

Commits on Aug 6, 2024

  1. [4.2.x] Post-release version bump.

    @sarahboyce
    sarahboyce committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    ae0ca83 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE… 

    …-2024-42005 to security archive.

Backport of fdc638b from main.
    @sarahboyce
    sarahboyce committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    e0579ce View commit details
    Browse the repository at this point in the history

Commits on Aug 27, 2024

  1. [4.2.x] Added stub release notes and release date for 4.2.16. 

    Backport of 67efd42 from main.
    @nessita
    nessita committed Aug 27, 2024
    Configuration menu
    Copy the full SHA
    b07d4f2 View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed grammatical error in stub release notes for upcoming se… 

    …curity release.

Backport of b941de3 from main.
    @nessita
    nessita committed Aug 27, 2024
    Configuration menu
    Copy the full SHA
    705066d View commit details
    Browse the repository at this point in the history

Commits on Sep 3, 2024

  1. [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and… 

    … urlizetrunc template filters.

Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
    @sarahboyce @nessita
    sarahboyce authored and nessita committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    d147a8e View commit details
    Browse the repository at this point in the history

  2. [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password rese… 

    …t when email sending fails.

On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
    @nessita
    nessita committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    bf4888d View commit details
    Browse the repository at this point in the history

  3. [4.2.x] Bumped version for 4.2.16 release.

    @nessita
    nessita committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    6f9fea3 View commit details
    Browse the repository at this point in the history
Loading