mirror of
https://github.com/openwrt/packages.git
synced 2026-04-15 10:51:55 +00:00
06eb22a606
Update package to 6.0.4. Security fixes: - CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart uploads with excessive whitespace could cause repeated memory copying - CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores are now ignored by ASGIRequest to prevent hyphen/underscore conflation attacks - CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions on inline model instances were not validated against forged POST data - CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist forms incorrectly allowed new instances to be created via forged POST data - CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE Bug fixes: - alogin/alogout regression where request.user was not set/cleared if already materialized by sync middleware - RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a fieldset in admin forms Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>