Expected May 7, 2025
Django 4.2.21 fixes a security issue with severity “moderate”, a data loss bug, and a regression in 4.2.20.
strip_tags()

strip_tags() would be slow to evaluate certain inputs
containing large sequences of incomplete HTML tags. This function is used to
implement the striptags template filter, which was thus also
vulnerable.
strip_tags() now raises a SuspiciousOperation
exception if it encounters an unusually large number of unclosed opening tags.
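
A guard of the kind described above, sketched with only the standard library. This is an added example, not Django's implementation: the limit of 50, the TooManyUnclosedTags class (a stand-in for SuspiciousOperation), the function names, and the definition of "unclosed" (a "<" followed by a letter that meets another "<" or end of input before ">") are all assumptions.

```python
# Added illustration; not Django's implementation.
MAX_UNCLOSED_OPEN_TAGS = 50  # assumed limit for this example


class TooManyUnclosedTags(ValueError):
    """Stand-in for the SuspiciousOperation named in the release note."""


def count_unclosed_open_tags(text: str) -> int:
    """Count opening tags never closed by '>'. Single pass, O(len(text))."""
    unclosed = 0
    in_tag = False
    for i, ch in enumerate(text):
        if ch == "<":
            if in_tag:
                unclosed += 1  # the previous opening tag never saw '>'
            nxt = text[i + 1:i + 2]
            # Only '<' followed by an ASCII letter starts an opening tag.
            in_tag = nxt.isalpha() and nxt.isascii()
        elif ch == ">":
            in_tag = False
    if in_tag:
        unclosed += 1  # input ended inside an opening tag
    return unclosed


def reject_if_suspicious(text: str, limit: int = MAX_UNCLOSED_OPEN_TAGS) -> str:
    """Return text unchanged, or raise before any expensive stripping runs."""
    found = count_unclosed_open_tags(text)
    if found > limit:
        raise TooManyUnclosedTags(f"{found} unclosed opening tags (limit {limit})")
    return text


# Constructed sample inputs.
SAMPLES = {
    "well_formed": "<p>Hello <b>world</b></p>",
    "comparison": "if a < b and b > c",
    "one_truncated_tag": "<div class='x'",
    "many_incomplete_tags": "<a" * 1000,
}


def triage(samples=SAMPLES):
    """Map each sample name to 'ok' or 'rejected'."""
    verdicts = {}
    for name, text in samples.items():
        try:
            reject_if_suspicious(text)
            verdicts[name] = "ok"
        except TooManyUnclosedTags:
            verdicts[name] = "rejected"
    return verdicts
```

Because the count is a single linear pass, the check itself stays cheap on the inputs it is meant to reject.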
file_move_safe() when
allow_overwrite=True, where leftover content from a previously larger
file could remain after overwriting with a smaller one due to lack of
truncation (#36298).

wordwrap template filter did not
preserve empty lines between paragraphs after wrapping text
(#36341).

May 26, 2025