Django security updates released. A potential denial of service vulnerability has been discovered in the regular expressions used by the Django form library's EmailField and URLField: malicious input could trigger pathologically slow matching. Patches (and patched releases) for Django 1.1 and Django 1.0 have been published.
I'd like to understand better what causes the backtracking. I knew REs were vulnerable to that kind of thing, but not sure how I'd spot one where it's possible.
Jeremy Dunck - 10th October 2009 01:00 - #
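Added example (not from the original post or from Django itself): a small Python probe for the backtracking question above. The two domain-part patterns are constructed for illustration and are not Django's actual EmailField/URLField regexes; `has_nested_quantifier`, `reject_seconds` and `growth_ratio` are hypothetical helper names.

```python
import re
import time

# Constructed, illustrative domain patterns, not Django's real EmailField/URLField
# regexes. Both nest a quantifier in a quantified group; only the first is ambiguous:
# its separator dot is optional, so a run of letters can be split between iterations
# in 2^(n-1) ways before [a-z]{2,6}$ fails. The mandatory dot below fixes boundaries.
VULNERABLE_DOMAIN = re.compile(r'^(?:[a-z0-9]+\.?)+[a-z]{2,6}$')
HARDENED_DOMAIN = re.compile(r'^(?:[a-z0-9]+\.)+[a-z]{2,6}$')


def has_nested_quantifier(pattern: str) -> bool:
    """Static screen for a quantified group whose body is itself quantified."""
    stack, i, n = [], 0, len(pattern)  # per open group: body contains a quantifier?
    while i < n:
        c = pattern[i]
        m = re.match(r'\\.|\[\^?\]?[^\]]*\]', pattern[i:])  # skip escape / char class
        if m:
            i += m.end()
            continue
        if c == '(':
            stack.append(False)
            if pattern[i + 1:i + 2] == '?':            # '(?:' etc. is group syntax
                i += 1
        elif c == ')':
            quantified_body = stack.pop() if stack else False
            if quantified_body and pattern[i + 1:i + 2] in ('+', '*', '?', '{'):
                return True
            if quantified_body and stack:
                stack[-1] = True                       # bubble up to enclosing group
        elif c in '+*?{' and stack:
            stack[-1] = True
        i += 1
    return False

def reject_seconds(regex: re.Pattern, text: str, repeats: int = 3) -> float:
    """Best-of-N wall-clock time for the engine to reject text (must not match)."""
    best = float('inf')
    for _ in range(repeats):
        start = time.perf_counter()
        hit = regex.match(text)
        best = min(best, time.perf_counter() - start)
        assert hit is None, 'probe input unexpectedly matched'
    return best

def growth_ratio(regex: re.Pattern, small: int = 14, large: int = 20) -> float:
    """Slowdown when the ambiguous run grows by 6 chars: ~64x if exponential, ~1x if linear."""
    fast = max(reject_seconds(regex, 'a' * small + '!'), 1e-9)
    return reject_seconds(regex, 'a' * large + '!') / fast
```

Both constructed patterns trip the static screen, but only the one with the optional separator shows exponential growth, so the screen finds candidates and the timing probe (or checking whether adjacent iterations can match the same text) decides.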
Jeremy: https://docs.google.com/gview?url=http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf is a good resource on this kind of DoS
Alex Gaynor - 10th October 2009 01:19 - #
Alex, excellent link, thanks.
Jeremy Dunck - 10th October 2009 05:52 - #
Does anyone know why the updated regexp allows a trailing period (.) character in email addresses? The previous version didn't.
Martin - 10th October 2009 19:19 - #