===========================Django 3.2.22 release notes===========================*October 4, 2023*Django 3.2.22 fixes a security issue with severity "moderate" in 3.2.21.CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``================================================================================Following the fix for :cve:`2019-14232`, the regular expressions used in theimplementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``methods (with ``html=True``) were revised and improved. However, these regularexpressions still exhibited linear backtracking complexity, so when given avery long, potentially malformed HTML input, the evaluation would still beslow, leading to a potential denial of service vulnerability.The ``chars()`` and ``words()`` methods are used to implement the:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` templatefilters, which were thus also vulnerable.The input processed by ``Truncator``, when operating in HTML mode, has beenlimited to the first five million characters in order to avoid potentialperformance and memory issues.