Changelog
### 1.11.11
```
============================
*March 6, 2018*
Django 1.11.11 fixes two security issues in 1.11.10.
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters
===============================================================================================
The ``django.utils.html.urlize()`` function was extremely slow to evaluate
certain inputs due to catastrophic backtracking vulnerabilities in two regular
expressions. The ``urlize()`` function is used to implement the ``urlize`` and
``urlizetrunc`` template filters, which were thus vulnerable.
The problematic regular expressions are replaced with parsing logic that
behaves similarly.
CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters
==================================================================================================================
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were
passed the ``html=True`` argument, they were extremely slow to evaluate certain
inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to implement the
``truncatechars_html`` and ``truncatewords_html`` template filters, which were
thus vulnerable.
The backtracking problem in the regular expression is fixed.
============================
```
Links
- PyPI: https://pypi.python.org/pypi/django
- Changelog: https://pyup.io/changelogs/django/
- Homepage: https://www.djangoproject.com/
Update Django from 1.11.10 to 1.11.11.
Changelog
### 1.11.11 ``` ============================ *March 6, 2018* Django 1.11.11 fixes two security issues in 1.11.10. CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters =============================================================================================== The ``django.utils.html.urlize()`` function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The ``urlize()`` function is used to implement the ``urlize`` and ``urlizetrunc`` template filters, which were thus vulnerable. The problematic regular expressions are replaced with parsing logic that behaves similarly. CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters ================================================================================================================== If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were passed the ``html=True`` argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The ``chars()`` and ``words()`` methods are used to implement the ``truncatechars_html`` and ``truncatewords_html`` template filters, which were thus vulnerable. The backtracking problem in the regular expression is fixed. ============================ ```Links
- PyPI: https://pypi.python.org/pypi/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/Update dj-database-url from 0.4.2 to 0.5.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.python.org/pypi/dj-database-url - Repo: https://github.com/kennethreitz/dj-database-urlUpdate raven from 6.5.0 to 6.6.0.
Changelog
### 6.6.0 ``` ------------------ * [Core] Add trimming to breadcrumbs. * [Core] Improve host message at startup. * [Core] Update pytest to work on other environments ```Links
- PyPI: https://pypi.python.org/pypi/raven - Changelog: https://pyup.io/changelogs/raven/ - Repo: https://github.com/getsentry/raven-python