#36743: Max URL length of 2048 is too conservative for redirect targets
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Varun
| Kasyap Pentamaraju
Type: Bug | Status: closed
Component: HTTP handling | Version: 4.2
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Natalia <124304+nessita@…>):
In [changeset:"ca4251d04e4b1de7d1a365f1b9928de04728e048" ca4251d0]:
{{{#!CommitTicketReference repository=""
revision="ca4251d04e4b1de7d1a365f1b9928de04728e048"
[5.1.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.
The fix landed in a8cf8c292cfee98fe6cc873ca5221935f1d02271 will be
backported to 5.1 and 4.2 since the 2048 limit was rolled out as part of
the security release for CVE-2025-64458.
Backport of 18b13cf6c48ff0a20b2a74d3b90d1fc1602608e4 from main.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36743#comment:16>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019ac266ea95-ee6f0c47-13db-4505-b4e5-85cf30aeb52e-000000%40eu-central-1.amazonses.com.
