January 14, 2025
Django 5.1.5 fixes a security issue with severity "moderate" and one bug in 5.1.4.
Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack. The undocumented
and private functions clean_ipv6_address and is_valid_ipv6_address were
vulnerable, as was the django.forms.GenericIPAddressField form field,
which has now been updated to define a max_length of 39 characters.
The django.db.models.GenericIPAddressField model field was not
affected.
修复了在应用迁移时引用已移除的 Meta.index_together 选项时崩溃的问题(#34856)。
5月 02, 2025