Django 5.1.14 release notes — Django 6.0.4 documentation(2026)
Django 5.1.14 release notes¶
November 5, 2025
Django 5.1.14 fixes one security issue with severity "high" and one security issue with severity "moderate" in 5.1.13.
CVE-2025-64458: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows¶
Python's NFKC normalization is slow on
Windows. As a consequence, HttpResponseRedirect,
HttpResponsePermanentRedirect, and the shortcut
redirect() were subject to a potential
denial-of-service attack via certain inputs with a very large number of Unicode
characters (follow up to CVE 2025-27556).
CVE-2025-64459: Potential SQL injection via _connector keyword argument¶
QuerySet.filter(), exclude(), get(),
and Q were subject to SQL injection using a suitably crafted
dictionary, with dictionary expansion, as the _connector argument.
Last update:
4月 20, 2026
本文整理自 Django 6.0 官方中文文档,转载请注明出处。
上一篇:Django 5.1.13 release notes — Django 6.0.4 documentation(2026)
下一篇:Django 5.1.14 release notes — Django 6.0.4 documentation(2026)