Django 5.1.8 release notes¶
April 2, 2025
Django 5.1.8 fixes a security issue with severity “moderate” and several bugs in 5.1.7.
CVE-2025-27556: Potential denial-of-service vulnerability in LoginView
, LogoutView
, and set_language()
on Windows¶
Python’s NFKC normalization
is slow on
Windows. As a consequence, LoginView
,
LogoutView
, and
set_language()
were subject to a potential
denial-of-service attack via certain inputs with a very large number of Unicode
characters.
Bugfixes¶
Fixed a regression in Django 5.1.7 where the removal of the
single_object
parameter unintentionally altered the signature and return type ofLogEntryManager.log_actions()
(#36234).