Django 5.2.9 release notes¶

CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL¶

FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL.

CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer¶

XML Serialization was subject to a potential denial-of-service attack due to quadratic time complexity when deserializing crafted documents containing many nested invalid elements. The internal helper django.core.serializers.xml_serializer.getInnerText() previously accumulated inner text inefficiently during recursion. It now collects text per element, avoiding excessive resource usage.

Bugfixes¶

• Fixed a bug in Django 5.2 where django.utils.feedgenerator.Stylesheet.__str__() did not escape the url, mimetype, and media attributes, potentially leading to invalid XML markup (#36733).

• Fixed a bug in Django 5.2 on PostgreSQL where bulk_create() did not apply a field’s custom query placeholders (#36748).

• Fixed a regression in Django 5.2.2 that caused a crash when using aggregate functions with an empty Q filter over a queryset with annotations (#36751).

• Fixed a regression in Django 5.2.8 where DisallowedRedirect was raised by HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 characters. The limit is now 16384 characters (#36743).

• Fixed a crash on Python 3.14+ that prevented template tag functions from being registered when their type annotations required deferred evaluation (#36712).