Django 3.2.18 release notes

February 14, 2023

Django 3.2.18 fixes a security issue with severity “moderate” in 3.2.17.

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads

Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

The number of files parts parsed is now limited via the new DATA_UPLOAD_MAX_NUMBER_FILES setting.

Back to Top