Skip to content

core: bump django from 5.2.7 to 5.2.8 #17967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Nov 6, 2025
Merged

core: bump django from 5.2.7 to 5.2.8 #17967

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
966839d
bump django from 5.2.7 to 5.2.8
melizeche Nov 5, 2025
a3f0ae1
longer urls
BeryJu Nov 5, 2025
07f8ee1
add debug statements
melizeche Nov 6, 2025
29447bb
Merge branch 'django_upg' of github.com:goauthentik/authentik into dj…
melizeche Nov 6, 2025
7f32fbb
Remove debug statements
melizeche Nov 6, 2025
6932ffa
import MAX_URL_LENGTH constant from django.http.response
melizeche Nov 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions authentik/root/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
from pathlib import Path

import orjson
from django.http import response as http_response
from sentry_sdk import set_tag
from xmlsec import enable_debug_trace

Expand Down Expand Up @@ -472,6 +473,12 @@
},
}

# Django 5.2.8 and CVE-2025-64458 added a strong enforcement of 2048 characters
# as the maximum for a URL to redirect to, mostly for running on windows.
# However our URLs can easily exceed that with OAuth/SAML Query parameters or hash values
# 8192 should cover most cases..
http_response.MAX_URL_LENGTH = http_response.MAX_URL_LENGTH * 4


# Media files
if CONFIG.get("storage.media.backend", "file") == "s3":
Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ dependencies = [
"dacite==1.9.2",
"deepmerge==2.0",
"defusedxml==0.7.1",
"django==5.2.7",
"django==5.2.8",
"django-channels-postgres",
"django-countries==7.6.1",
"django-cte==2.0.0",
Expand Down
12 changes: 7 additions & 5 deletions uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading