diff --git a/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch b/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch deleted file mode 100644 index a13bdb74e8bb589dd9770de8ba69b5128f1c1124..0000000000000000000000000000000000000000 --- a/Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3b41f0124194430da957b119712978fa2266b642 Mon Sep 17 00:00:00 2001 -From: Seokchan Yoon -Date: Fri, 14 Jun 2024 18:52:02 +0900 -Subject: [PATCH] Fix potential XSS vulnerability in break_long_headers - template filter (#9435) - -The header input is now properly escaped before splitting and joining with
tags. This prevents potential XSS attacks if the header contains unsanitized user input. ---- - rest_framework/templatetags/rest_framework.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py -index ccd9430..22f6f64 100644 ---- a/rest_framework/templatetags/rest_framework.py -+++ b/rest_framework/templatetags/rest_framework.py -@@ -318,5 +318,5 @@ def break_long_headers(header): - when possible (are comma separated) - """ - if len(header) > 160 and ',' in header: -- header = mark_safe('
' + ',
'.join(header.split(','))) -+ header = mark_safe('
' + ',
'.join(escape(header).split(','))) - return header --- -2.43.0 - diff --git a/3.14.0.tar.gz b/django-rest-framework-3.16.0.tar.gz similarity index 52% rename from 3.14.0.tar.gz rename to django-rest-framework-3.16.0.tar.gz index 2f89a206bbdc14fc033156700cd6a401990a222f..63d5650868ed947a1002d5ae14f8272ddd5d495c 100644 Binary files a/3.14.0.tar.gz and b/django-rest-framework-3.16.0.tar.gz differ diff --git a/python-django-rest-framework.spec b/python-django-rest-framework.spec index 4c5427b111254b326ca9efbe7b4e178314d4ca4f..9db57da40a0ec9a7c92712c97539795d1f85acb1 100644 --- a/python-django-rest-framework.spec +++ b/python-django-rest-framework.spec @@ -1,14 +1,12 @@ %global _empty_manifest_terminate_build 0 Name: python-django-rest-framework -Version: 3.14.0 -Release: 2 +Version: 3.16.0 +Release: 1 Summary: Web APIs for Django. License: BSD-3-Clause URL: https://github.com/encode/django-rest-framework -Source0: https://github.com/encode/django-rest-framework/archive/refs/tags/3.14.0.tar.gz -BuildArch: noarch - -Patch01: Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch +Source0: https://github.com/encode/django-rest-framework/archive/refs/tags/%{version}.tar.gz#/django-rest-framework-%{version}.tar.gz +#BuildArch: noarch %description Django REST framework is a powerful and flexible toolkit for building Web APIs. @@ -28,7 +26,7 @@ Provides: python3-django-rest-framework-doc Django REST framework is a powerful and flexible toolkit for building Web APIs. %prep -%autosetup -n django-rest-framework-%{version} -p1 +%autosetup -n django-rest-framework-%{version} %build %py3_build @@ -68,6 +66,10 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Tue Jul 22 2025 liuhan - 3.16.0-1 +- Upgrade to version 3.16.0 +- Remove Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch + * Wed Sep 04 2024 yinyongkang - 3.14.0-2 - Fix CVE-2024-21520
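Review bot: In the first spec hunk, `#BuildArch: noarch` comments the directive out instead of keeping or deleting it, so the package is no longer built as noarch, and neither the spec nor the new changelog entry says why. If this works around a build problem, put a comment such as `# noarch disabled: <reason>` above it; otherwise restore `BuildArch: noarch`. The same hunk drops `Patch01` for CVE-2024-21520, which is only safe if the 3.16.0 tarball already carries the fix. Before merging, confirm that `break_long_headers` in the new source calls `escape(header)` before `mark_safe`, as the removed backport did. Then record it in the changelog, e.g. `- Remove Backport-CVE-2024-21520-Fix-potential-XSS-vulnerability.patch (fixed upstream)`.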