The web framework for perfectionists with deadlines.

文档
  • dev
  • 文档版本: 5.2

Django 4.2.26 release notes

November 5, 2025

Django 4.2.26 fixes one security issue with severity "high" and one security issue with severity "moderate" in 4.2.25.

CVE-2025-64458: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

Python's NFKC normalization is slow on Windows. As a consequence, HttpResponseRedirect, HttpResponsePermanentRedirect, and the shortcut redirect() were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters (follow up to CVE 2025-27556).

CVE-2025-64459: Potential SQL injection via _connector keyword argument

QuerySet.filter(), exclude(), get(), and Q were subject to SQL injection using a suitably crafted dictionary, with dictionary expansion, as the _connector argument.

Back to Top

附加信息

Support Django!

Support Django!

内容

获取帮助

常见问题
尝试查看 FAQ — 它包括了很多常见问题的答案
索引, 模块索引, or 目录
查找特定信息时比较容易
Django Discord Server
Join the Django Discord Community.
Official Django Forum
Join the community on the Django Forum.
Ticket tracker
在我们的 `ticket tracker`_ 中报告 Django 或 Django 文档的 Bug。

离线(Django 5.2): HTML | PDF | ePub
Read the Docs 提供。

Diamond and Platinum Members