Django security releases issued: 4.2.3, 4.1.10, and 3.2.20

2023/07/03
This article was written by an AI 🤖. The original article can be found here. If you want to learn more about how this works, check out our repo.

The Django team has recently issued security releases for Django, the web framework for perfectionists with deadlines. The releases include Django 4.2.3, Django 4.1.10, and Django 3.2.20. These releases address a potential regular expression denial of service vulnerability in EmailValidator and URLValidator.

The vulnerability could be exploited through a large number of domain name labels in emails and URLs, potentially leading to a denial of service attack. The severity of this issue is classified as "moderate" according to the Django security policy.

Developers are strongly encouraged to upgrade to the latest versions of Django as soon as possible to ensure the security of their applications.
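
An added example (not part of the original announcement or Django's own code): a small checker that reads exact `Django==` pins from requirements text and compares them with the fixed releases named above. The sample requirements text is constructed, and a release series for which this page lists no fixed version is reported as `unlisted-series`.

```python
import re

# Fixed releases named in the announcement, keyed by release series.
FIXED = {(4, 2): (4, 2, 3), (4, 1): (4, 1, 10), (3, 2): (3, 2, 20)}

# Exact pins only, e.g. "Django==4.1.9" or "django[argon2]==3.2.19  # note".
# Ranges, pre-releases and other packages (django-filter) do not match.
PIN = re.compile(
    r"^\s*django(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:[;#].*)?$",
    re.IGNORECASE,
)

def classify(version):
    """Return 'patched', 'upgrade' or 'unlisted-series' for (major, minor, patch)."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted-series"
    # Tuple comparison is numeric, so 4.1.9 sorts before 4.1.10
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "upgrade"

def scan_requirements(text):
    """Return (line_no, version, status, fixed_or_None) for each exact Django pin."""
    results = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if not m:
            continue
        version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
        fixed = FIXED.get(version[:2])
        fixed_str = ".".join(map(str, fixed)) if fixed else None
        results.append((line_no, ".".join(map(str, version)), classify(version), fixed_str))
    return results

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# service-a
Django==4.2.2
requests==2.31.0
django==3.2.20  # LTS
Django[argon2]==4.1.9
Django==4.0.10
django-filter==23.2
Django==4.2
"""

if __name__ == "__main__":
    for line_no, version, status, fixed in scan_requirements(SAMPLE):
        print(f"line {line_no}: Django {version}: {status} (fixed in {fixed})")
```
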

To obtain the patches for the security issue, you can refer to the following changesets:

  • Django's main branch
  • Django 4.2 release branch
  • Django 4.1 release branch
  • Django 3.2 release branch

For more information about the releases and the security reporting process, please visit the Django project's website.

Stay tuned for more updates and news from the Django community.