Django 5.0.11 リリースノート¶

CVE-2024-56374: IPv6 検証における潜在的な DoS 攻撃の脆弱性¶

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters.

django.db.models.GenericIPAddressField モデルフィールドは影響されませんでした。