Django 4.1.2 release notes
- CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
- Bugfixes

Django 4.1.2 release notes

October 4, 2022

Django 4.1.2 fixes a security issue with severity “medium” and several bugs in 4.1.1.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

Internationalized URLs were subject to potential denial of service attack via the locale parameter.

Bugfixes

Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL when adding a model with ExclusionConstraint (#33982).
Fixed a regression in Django 4.1 that caused aggregation over a queryset that contained an Exists annotation to crash due to too many selected columns (#33992).
Fixed a bug in Django 4.1 that caused an incorrect validation of CheckConstraint on NULL values (#33996).
Fixed a regression in Django 4.1 that caused a QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg() (#34016).
Fixed a bug in Django 4.1 that caused ModelAdmin.autocomplete_fields to be incorrectly selected after adding/changing related instances via popups (#34025).
Fixed a regression in Django 4.1 where the app registry was not populated when running parallel tests with the multiprocessing start method spawn (#34010).
Fixed a regression in Django 4.1 where the --debug-mode argument to test did not work when running parallel tests with the multiprocessing start method spawn (#34010).
Fixed a regression in Django 4.1 that didn’t alter a sequence type when altering type of pre-Django 4.1 serial columns on PostgreSQL (#34058).
Fixed a regression in Django 4.1 that caused a crash for View subclasses with asynchronous handlers when handling non-allowed HTTP methods (#34062).
Reverted caching related managers for ForeignKey, ManyToManyField, and GenericRelation that caused the incorrect refreshing of related objects (#33984).
Relaxed the system check added in Django 4.1 for the same name used for multiple template tag modules to a warning (#32987).