Django 5.1.8 release notes

April 2, 2025

Django 5.1.8 fixes a security issue with severity "moderate" and several bugs in 5.1.7.

CVE-2025-27556: Potential denial-of-service vulnerability in LoginView, LogoutView, and set_language() on Windows

Python's NFKC normalization is slow on Windows. As a consequence, LoginView, LogoutView, and set_language() were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

漏洞修复

  • Fixed a regression in Django 5.1.7 where the removal of the single_object parameter unintentionally altered the signature and return type of LogEntryManager.log_actions() (#36234).

« previous | up | next »