[5.2.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.

The fix landed in a8cf8c292c will be backported to 5.1 and 4.2 since the 2048 limit was rolled out as part of the security release for CVE-2025-64458. Backport of 18b13cf6c4 from main.
2026-02-09 02:49:25 +08:00 · 2025-11-26 17:22:53 -03:00
parent 0ae15bb52e
commit 2171933c5a
2 changed files with 8 additions and 2 deletions
--- a/docs/releases/4.2.27.txt
+++ b/docs/releases/4.2.27.txt
@@ -10,4 +10,7 @@ with severity "moderate", and one bug in 4.2.26.
 Bugfixes
 ========

-* ...
+* Fixed a regression in Django 4.2.26 where ``DisallowedRedirect`` was raised
+  by :class:`~django.http.HttpResponseRedirect` and
+  :class:`~django.http.HttpResponsePermanentRedirect` for URLs longer than 2048
+  characters. The limit is now 16384 characters (:ticket:`36743`).
--- a/docs/releases/5.1.15.txt
+++ b/docs/releases/5.1.15.txt
@@ -10,4 +10,7 @@ with severity "moderate", and one bug in 5.1.14.
 Bugfixes
 ========

-* ...
+* Fixed a regression in Django 5.1.14 where ``DisallowedRedirect`` was raised
+  by :class:`~django.http.HttpResponseRedirect` and
+  :class:`~django.http.HttpResponsePermanentRedirect` for URLs longer than 2048
+  characters. The limit is now 16384 characters (:ticket:`36743`).