============================Django 1.11.11 release notes============================*March 6, 2018*Django 1.11.11 fixes two security issues in 1.11.10.CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters===============================================================================================The ``django.utils.html.urlize()`` function was extremely slow to evaluatecertain inputs due to catastrophic backtracking vulnerabilities in two regularexpressions. The ``urlize()`` function is used to implement the ``urlize`` and``urlizetrunc`` template filters, which were thus vulnerable.The problematic regular expressions are replaced with parsing logic thatbehaves similarly.CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters==================================================================================================================If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods werepassed the ``html=True`` argument, they were extremely slow to evaluate certaininputs due to a catastrophic backtracking vulnerability in a regularexpression. The ``chars()`` and ``words()`` methods are used to implement the``truncatechars_html`` and ``truncatewords_html`` template filters, which werethus vulnerable.The backtracking problem in the regular expression is fixed.