The web framework for perfectionists with deadlines.

Documentation

Django 4.2.21 release notes

May 7, 2025

Django 4.2.21 fixes a security issue with severity “moderate”, a data loss bug, and a regression in 4.2.20.

This release was built using an upgraded setuptools, producing filenames compliant with PEP 491 and PEP 625 and thus addressing a PyPI warning about non-compliant distribution filenames. This change only affects the Django packaging process and does not impact Django’s behavior.

CVE-2025-32873: Denial-of-service possibility in strip_tags()

strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags template filter, which was thus also vulnerable.

strip_tags() now raises a SuspiciousOperation exception if it encounters an unusually large number of unclosed opening tags.

Bugfixes

  • Fixed a data corruption possibility in file_move_safe() when allow_overwrite=True, where leftover content from a previously larger file could remain after overwriting with a smaller one due to lack of truncation (#36298).

  • Fixed a regression in Django 4.2.20, introduced when fixing CVE 2025-26699, where the wordwrap template filter did not preserve empty lines between paragraphs after wrapping text (#36341).

Back to Top

Additional Information

Support Django!

Support Django!

Contents

Getting help

FAQ
Try the FAQ — it's got answers to many common questions.
Index, Module Index, or Table of Contents
Handy when looking for specific information.
Django Discord Server
Join the Django Discord Community.
Official Django Forum
Join the community on the Django Forum.
Ticket tracker
Report bugs with Django or Django documentation in our ticket tracker.

Offline (Django 4.2): HTML | PDF | ePub
Provided by Read the Docs.