CVE-2024-24680: Potential denial-of-service in intcomma template filter¶

The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Bugfixes¶

• Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in ModelAdmin.list_filter (#35087).

• Fixed a regression in Django 5.0 where links in the admin had an incorrect color (#35121).

• Fixed a bug in Django 5.0 that caused a crash of Model.full_clean() on models with a GeneratedField (#35127).

• Fixed a regression in Django 5.0 that caused a crash of FilteredRelation() with querysets as right-hand sides (#35135). FilteredRelation() now raises a ValueError on querysets as right-hand sides.

• Fixed a regression in Django 5.0 that caused a crash of the dumpdata management command when a base queryset used prefetch_related() (#35159).

• Fixed a regression in Django 5.0 that caused the request_finished signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (#35059).

• Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a BinaryField, TextField, JSONField, or GeometryField with a db_default (#35162).

• Fixed a bug in Django 5.0 that caused a migration crash on models with a literal db_default of a complex type such as dict instance of a JSONField. Running makemigrations might generate no-op AlterField operations for fields using db_default (#35149).