Django 4.1.7 release notes¶

February 14, 2023

Django 4.1.7 fixes a security issue with severity “moderate” and a bug in 4.1.6.

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads¶

Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

The number of files parts parsed is now limited via the new DATA_UPLOAD_MAX_NUMBER_FILES setting.

Bugfixes¶

Fixed a bug in Django 4.1 that caused a crash of model validation on ValidationError with no code (#34319).

Django 4.1.8 release notes

Django 4.1.6 release notes

Additional Information

This document is for Django's development version, which can be significantly different from previous releases. For older releases, use the version selector floating in the bottom right corner of this page.

Documentation

Django 4.1.7 release notes¶

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads¶

Bugfixes¶

Additional Information

Support Django!

Contents

Browse

You are here:

Getting help

Download:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us