From 21fb7920c3cd5abc1aa862d5ceee1347976f5088 Mon Sep 17 00:00:00 2001
From: Jimmy Conner <jconner@ciq.com>
Date: Wed, 8 Apr 2026 13:06:33 -0500
Subject: [PATCH] Upgrade Django to resolve CVE-2026-3902 CVE-2026-33034
 CVE-2026-33033 CVE-2026-4292 CVE-2026-4277

---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index e1385e4a..57910d8d 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -12,7 +12,7 @@ cryptography>=46.0.6  # CVE-2026-34073
 Cython<3 # this is needed as a build dependency, one day we may have separated build deps
 daphne
 distro
-django>=5.2.12,<6.0 # CVE-2026-25674
+django>=5.2.13,<6.0 # CVE-2026-3902 CVE-2026-33034 CVE-2026-33033 CVE-2026-4292 CVE-2026-4277
 django-auth-ldap
 django-cors-headers
 django-extensions==4.1
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index f47cda4c..9448ad4a 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -119,7 +119,7 @@ defusedxml==0.7.1
     #   social-auth-core
 distro==1.9.0
     # via -r /awx_devel/requirements/requirements.in
-django==5.2.12
+django==5.2.13
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   channels