AAP-58110 Update django version for CVE (ansible#881)

bhavenst · web-flow · commit 43982875957b · 2025-11-17T14:22:53.000-07:00
CVE-2025-64459 requires update of django to 4.2.26+ (or 5.2.8+ or 5.1.14+) due to an SQL injection vulnerability
diff --git a/requirements/requirements.in b/requirements/requirements.in
@@ -3,7 +3,7 @@
 # if you are add a new feature which requires dependencies they should be in a separate requirements_<feature>.in file
 #
 cryptography
-Django>=4.2.21,<6.0
+Django>=4.2.26,<6.0    # Updating for CVE-2025-64459
 djangorestframework
 django-crum
 inflection
diff --git a/requirements/requirements_all.txt b/requirements/requirements_all.txt
@@ -24,7 +24,7 @@ defusedxml==0.8.0rc2
     # via
     #   python3-openid
     #   social-auth-core
-django==5.2.7
+django==5.2.8
     # via
     #   -r requirements/requirements.in
     #   channels
diff --git a/requirements/requirements_dev.txt b/requirements/requirements_dev.txt
@@ -1,7 +1,7 @@
 ansible                 # Used in build process to generate some configs
 black==25.1.0           # Linting tool, if changed update pyproject.toml as well
 build
-django==5.2.7
+django==5.2.8
 django-debug-toolbar
 django-extensions
 djangorestframework

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`# if you are add a new feature which requires dependencies they should be in a separate requirements_<feature>.in file`
`4`	`4`	`#`
`5`	`5`	`cryptography`
`6`		`-Django>=4.2.21,<6.0`
	`6`	`+Django>=4.2.26,<6.0 # Updating for CVE-2025-64459`
`7`	`7`	`djangorestframework`
`8`	`8`	`django-crum`
`9`	`9`	`inflection`