Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump django from 6.0.3 to 6.0.5

Closed
Number: #33
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: June 13, 2026 at 05:05 AM UTC
(3 days ago)
Updated: June 14, 2026 at 05:29 AM UTC
(1 day ago)
Closed: June 14, 2026 at 05:29 AM UTC
(1 day ago)
Time to Close: 1 day
Labels:
dependencies python:uv
Description:

Bumps django from 6.0.3 to 6.0.5.

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

Package Dependencies
Package:
django
Ecosystem:
pip
Version Change:
6.0.3 → 6.0.5
Update Type:
Patch
Security Advisories
Django has a Race Condition vulnerability
GHSA-mjgh-79qc-68w3 CVE-2026-25674 LOW
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause fil...
Django Uses Cache Containing Sensitive Information
GHSA-5hrc-gvxj-w55p CVE-2026-6907 LOW
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`)....
Django has an Improper Handling of Length Parameter Inconsistency
GHSA-w26r-rmm8-9c29 CVE-2026-5766 MODERATE
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentiall...
Django Uses Persistent Cookies Containing Sensitive Information
GHSA-7h2m-m8vj-598h CVE-2026-35192 LOW
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacke...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 16045101
UUID: 4654429241
Node ID: PR_kwDORYOrTc7mBLg1
Host: GitHub
Repository: dataengineeringformachinelearning/dataengineeringformachinelearning