f8e89786f9
Fixes the following security issues:

- CVE-2025-13473 (low): Username enumeration through timing difference in mod_wsgi authentication handler
- CVE-2025-14550 (moderate): Potential denial-of-service vulnerability via repeated headers when using ASGI
- CVE-2026-1207 (high): Potential SQL injection via raster lookups on PostGIS
- CVE-2026-1285 (moderate): Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
- CVE-2026-1287 (high): Potential SQL injection in column aliases via control characters
- CVE-2026-1312 (high): Potential SQL injection via QuerySet.order_by and FilteredRelation

See the release notes here:
https://docs.djangoproject.com/en/dev/releases/6.0.2/

Also includes the bugfixes from version 6.0.1:
https://docs.djangoproject.com/en/dev/releases/6.0.1/

Signed-off-by: Manuel Diener <manuel.diener@othermo.de>
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>