What's Changed
-
Upgraded django to v5.2.16 by @NyanKiyoshi in #19438
Fixes:
- CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
- CVE-2026-53877: Heap buffer over-read in GDALRaster
- CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
More details: https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
Full Changelog: 3.23.16...3.23.17