Django 5.0.2 release notes
February 6, 2024
Django 5.0.2 fixes a security issue with severity “moderate” and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated.
CVE-2024-24680: Potential denial-of-service in intcomma template filter
The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Bugfixes
- Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in ModelAdmin.list_filter (#35087).
- Fixed a regression in Django 5.0 where links in the admin had an incorrect color (#35121).
- Fixed a bug in Django 5.0 that caused a crash of Model.full_clean() on models with a GeneratedField (#35127).
- Fixed a regression in Django 5.0 that caused a crash of FilteredRelation() with querysets as right-hand sides (#35135). FilteredRelation() now raises a ValueError on querysets as right-hand sides.
- Fixed a regression in Django 5.0 that caused a crash of the dumpdata management command when a base queryset used prefetch_related() (#35159).
- Fixed a regression in Django 5.0 that caused the request_finished signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (#35059).
- Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a BinaryField, TextField, JSONField, or GeometryField with a db_default (#35162).
- Fixed a bug in Django 5.0 that caused a migration crash on models with a literal db_default of a complex type such as dict instance of a JSONField. Running makemigrations might generate no-op AlterField operations for fields using db_default (#35149).