An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
This PR contains the following updates:
==3.2.20->==3.2.23GitHub Vulnerability Alerts
CVE-2023-46695
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Release Notes
django/django (Django)
### [`v3.2.23`](https://togithub.com/django/django/compare/3.2.22...3.2.23) [Compare Source](https://togithub.com/django/django/compare/3.2.22...3.2.23) ### [`v3.2.22`](https://togithub.com/django/django/compare/3.2.21...3.2.22) [Compare Source](https://togithub.com/django/django/compare/3.2.21...3.2.22) ### [`v3.2.21`](https://togithub.com/django/django/compare/3.2.20...3.2.21) [Compare Source](https://togithub.com/django/django/compare/3.2.20...3.2.21)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.