diff --git a/3.14.0.tar.gz b/3.14.0.tar.gz
deleted file mode 100644
index 2f89a206bbdc14fc033156700cd6a401990a222f..0000000000000000000000000000000000000000
Binary files a/3.14.0.tar.gz and /dev/null differ
diff --git a/3.16.0.tar.gz b/3.16.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch b/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch
deleted file mode 100644
index a13bdb74e8bb589dd9770de8ba69b5128f1c1124..0000000000000000000000000000000000000000
--- a/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 3b41f0124194430da957b119712978fa2266b642 Mon Sep 17 00:00:00 2001
-From: Seokchan Yoon
-Date: Fri, 14 Jun 2024 18:52:02 +0900
-Subject: [PATCH] Fix potential XSS vulnerability in break_long_headers
- template filter (#9435)
-
-The header input is now properly escaped before splitting and joining with
 tags. This prevents potential XSS attacks if the header contains unsanitized user input.
----
- rest_framework/templatetags/rest_framework.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
-index ccd9430..22f6f64 100644
---- a/rest_framework/templatetags/rest_framework.py
-+++ b/rest_framework/templatetags/rest_framework.py
-@@ -318,5 +318,5 @@ def break_long_headers(header):
- when possible (are comma separated)
- """
- if len(header) > 160 and ',' in header:
-- header = mark_safe('
 ' + ',
 '.join(header.split(',')))
-+ header = mark_safe('
 ' + ',
 '.join(escape(header).split(',')))
- return header
---
-2.43.0
-
diff --git a/python-django-rest-framework.spec b/python-django-rest-framework.spec
index 4c5427b111254b326ca9efbe7b4e178314d4ca4f..eddc62d84094a0a7665d657852e57c4454decf06 100644
--- a/python-django-rest-framework.spec
+++ b/python-django-rest-framework.spec
@@ -1,14 +1,12 @@
 %global _empty_manifest_terminate_build 0
 Name: python-django-rest-framework
-Version: 3.14.0
+Version: 3.16.0
 Release: 2
 Summary: Web APIs for Django.
 License: BSD-3-Clause
 URL: https://github.com/encode/django-rest-framework
-Source0: https://github.com/encode/django-rest-framework/archive/refs/tags/3.14.0.tar.gz
-BuildArch: noarch
-
-Patch01: Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch
+Source0: https://github.com/encode/django-rest-framework/archive/refs/tags/3.16.0.tar.gz
+#BuildArch: noarch
 %description
 Django REST framework is a powerful and flexible toolkit for building Web APIs.
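Review bot: `Source0` now names 3.16.0.tar.gz, but the tarball added in this commit has blob id e69de29bb2d1…, which is git's id for an empty file, so as committed the build has no upstream source to unpack; the real archive needs to be committed and its checksum compared with the upstream release tag. Dropping `Patch01` is safe only if 3.16.0 already carries the `escape(header)` change in `break_long_headers` for CVE-2024-21520, which I believe it does but this diff cannot show, so it should be confirmed against the unpacked source. `#BuildArch: noarch` silently turns a pure-Python package into an arch-specific one; either restore `BuildArch: noarch` or add a comment explaining why it is disabled. `Release: 2` is also left unchanged after the version bump, where resetting to `Release: 1` is the usual convention.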