django

mirror of https://github.com/django/django.git synced 2026-02-09 02:49:25 +08:00

Files

Natalia a33540b3e2 Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

The `TruncateHTMLParser` used `deque.remove()` to remove tags from the
stack when processing end tags. With crafted input containing many
unmatched end tags, this caused repeated full scans of the tag stack,
leading to quadratic time complexity.

The fix uses LIFO semantics, only removing a tag from the stack when it
matches the most recently opened tag. This avoids linear scans for
unmatched end tags and reduces complexity to linear time.

Refs #30686 and 6ee37ada32.

Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for
reviews.

2026-02-03 07:54:16 -05:00

_ext

Applied Black's 2026 stable style.

2026-01-18 21:26:56 +01:00

_theme

Fixed docs build with sphinxcontrib-spelling 7.5.0+.

2022-05-31 11:17:01 +02:00

faq

Fixed #36329 -- Removed non-code custom link text when cross-referencing Python objects.

2025-10-29 11:32:12 -04:00

howto

Applied Black's 2026 stable style.

2026-01-18 21:26:56 +01:00

internals

Added documentation on reviewing patches.

2026-01-30 20:48:59 -05:00

intro

Fixed #36844 -- Clarified need for reusable apps to set default_auto_field in packaging tutorial and AppConfig docs.

2026-01-08 10:20:38 -05:00

man

Updated man page for Django 6.0 alpha 1.

2025-09-17 14:20:40 -03:00

misc

Refs #36485 -- Rewrapped docs to 79 columns line length.

2025-08-25 10:51:10 -03:00

ref

Added missing quotes around nonce in docs/ref/csp.txt.

2026-02-02 07:29:41 -05:00

releases

Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.

2026-02-03 07:54:16 -05:00

topics

Refs #34118 -- Removed asgiref coroutine detection shims.

2026-01-31 08:59:54 -05:00

conf.py

Bumped version; main is now 6.1 pre-alpha.

2025-09-17 15:17:05 -03:00

contents.txt

Ensured :doc: role uses absolute targets in docs.

2025-08-28 13:48:32 -03:00

glossary.txt

Refs #36485 -- Rewrapped docs to 79 columns line length.

2025-08-25 10:51:10 -03:00

index.txt

Refs #35859 -- Mentioned tasks in the docs index.

2025-09-24 09:47:47 +02:00

lint.py

Refs #36485 -- Corrected docs linter to detect too-long lines at file end.

2025-08-29 17:35:50 -04:00

make.bat

Fixed #36485 -- Added lint-docs check in Tox and GitHub Actions.

2025-08-25 10:51:10 -03:00

Makefile

Fixed #36485 -- Added lint-docs check in Tox and GitHub Actions.

2025-08-25 10:51:10 -03:00

README.rst

Refs #25778 -- Updated sphinx-doc.org links to HTTPS.

2020-01-29 06:04:15 +01:00

requirements.txt

Refs #36485 -- Added sphinx-lint support and make lint rule for docs.

2025-08-25 10:51:10 -03:00

spelling_wordlist

Added documentation on reviewing patches.

2026-01-30 20:48:59 -05:00

README.rst

The documentation in this tree is in plain text files and can be viewed using
any text file viewer.

It uses `ReST`_ (reStructuredText), and the `Sphinx`_ documentation system.
This allows it to be built into other forms for easier viewing and browsing.

To create an HTML version of the docs:

* Install Sphinx (using ``python -m pip install Sphinx`` or some other method).

* In this docs/ directory, type ``make html`` (or ``make.bat html`` on
  Windows) at a shell prompt.

The documentation in ``_build/html/index.html`` can then be viewed in a web
browser.

.. _ReST: https://docutils.sourceforge.io/rst.html
.. _Sphinx: https://www.sphinx-doc.org/