The web framework for perfectionists with deadlines.

ドキュメント
  • dev
  • Documentation version: 5.2

Django 5.1.9 リリースノート

2025年5月7日

Django 5.1.9 では 5.1.8 における深刻度 "moderate" のセキュリティの問題、データ損失のバグ、リグレッションを修正しました。

This release was built using an upgraded setuptools, producing filenames compliant with PEP 491 and PEP 625 and thus addressing a PyPI warning about non-compliant distribution filenames. This change only affects the Django packaging process and does not impact Django's behavior.

CVE-2025-32873: strip_tags() における DoS 攻撃の可能性

strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags template filter, which was thus also vulnerable.

strip_tags() now raises a SuspiciousOperation exception if it encounters an unusually large number of unclosed opening tags.

バグ修正

  • Fixed a data corruption possibility in file_move_safe() when allow_overwrite=True, where leftover content from a previously larger file could remain after overwriting with a smaller one due to lack of truncation (#36298).

  • Fixed a regression in Django 5.1.8, introduced when fixing CVE 2025-26699, where the wordwrap template filter did not preserve empty lines between paragraphs after wrapping text (#36341).

Back to Top

Additional Information

Support Django!

Support Django!

Contents

Getting help

FAQ
Try the FAQ — it's got answers to many common questions.
Index, Module Index, or Table of Contents
Handy when looking for specific information.
Django Discord Server
Join the Django Discord Community.
Official Django Forum
Join the community on the Django Forum.
Ticket tracker
Report bugs with Django or Django documentation in our ticket tracker.

Offline (Django 5.2): HTML | PDF | ePub
Provided by Read the Docs.