http://www.djangoproject.com/weblog/2009/oct/09/security/
Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in this regular expression, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.
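The pathological case described above, as an added example (this is not Django's code, and neither pattern is the regular expression Django shipped or its fix): a constructed address pattern with a nested quantifier, a rewrite that accepts the same strings, and a timing check on near-miss input. The patterns, the `example.test` domain, `MAX_LEN` and the function names are assumptions made for illustration.

```python
import re
import time

# Constructed patterns for illustration only; not taken from Django.
# NESTED: the group body can split a run of letters in many ways, so an
# input that almost matches makes the engine retry every possible split.
NESTED = re.compile(r'^([a-z0-9]+\.?)+@example\.test$')
# LINEAR: accepts the same strings, but labels must be separated by a
# literal dot, so there is only one way to split any input.
LINEAR = re.compile(r'^[a-z0-9]+(\.[a-z0-9]+)*\.?@example\.test$')

MAX_LEN = 254  # assumed upper bound on input length for this example


def match_seconds(pattern, text):
    """Wall-clock time for one match attempt."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def growth(pattern, sizes=(14, 16, 18, 20)):
    """Time a near-miss input (valid run, then one invalid character)."""
    return [match_seconds(pattern, "a" * n + "!@example.test") for n in sizes]


def validate(value):
    """Bound the work before the regex runs, then use the linear pattern."""
    if len(value) > MAX_LEN:
        return False
    return LINEAR.match(value) is not None


if __name__ == "__main__":
    # Sizes are kept small so the nested pattern finishes in well under a second.
    for name, pattern in (("nested", NESTED), ("linear", LINEAR)):
        timings = growth(pattern)
        print(name, ["%.6f s" % t for t in timings])
```

Run as a regression test against any validator pattern: timings that roughly double with each added character indicate backtracking that grows exponentially with input length.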
This update has been pushed to testing
Marking as stable since this is a security update.
This update has been submitted for stable
This update has been pushed to stable