Django 5.0.2 release notes¶
February 6, 2024
Django 5.0.2 fixes a security issue with severity “moderate” and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated.
CVE-2024-24680: Potential denial-of-service in intcomma template filter¶
The intcomma template filter was subject to a potential denial-of-service
attack when used with very long strings.
Bugfixes¶
Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in
ModelAdmin.list_filter(#35087).Fixed a regression in Django 5.0 where links in the admin had an incorrect color (#35121).
Fixed a bug in Django 5.0 that caused a crash of
Model.full_clean()on models with aGeneratedField(#35127).Fixed a regression in Django 5.0 that caused a crash of
FilteredRelation()with querysets as right-hand sides (#35135).FilteredRelation()now raises aValueErroron querysets as right-hand sides.Fixed a regression in Django 5.0 that caused a crash of the
dumpdatamanagement command when a base queryset usedprefetch_related()(#35159).Fixed a regression in Django 5.0 that caused the
request_finishedsignal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (#35059).Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a
BinaryField,TextField,JSONField, orGeometryFieldwith adb_default(#35162).Fixed a bug in Django 5.0 that caused a migration crash on models with a literal
db_defaultof a complex type such asdictinstance of aJSONField. Runningmakemigrationsmight generate no-opAlterFieldoperations for fields usingdb_default(#35149).
