Django 5.0.11 release notes¶

January 14, 2025

Django 5.0.11 fixes a security issue with severity “moderate” in 5.0.10.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation¶

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.

Django 5.0.12 release notes

Django 5.0.10 release notes

Django 5.0.11 release notes
- CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Browse

FAQ: Try the FAQ — it's got answers to many common questions.
Index, Module Index, or Table of Contents: Handy when looking for specific information.
#django IRC channel: Ask a question in the #django IRC channel, or search the IRC logs to see if it’s been asked before.
Django Discord Server: Join the Django Discord Community.
Official Django Forum: Join the community on the Django Forum.
Ticket tracker: Report bugs with Django or Django documentation in our ticket tracker.

Download:

Offline (Django 5.2): HTML | PDF | ePub
Provided by Read the Docs.

Documentation

Django 5.0.11 release notes¶

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation¶

Additional Information

Support Django!

Contents

Browse

You are here:

Getting help

Download:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us