Django 5.2.3 release notes

June 10, 2025

Django 5.2.3 fixes several bugs in 5.2.2. Also, the latest string translations from Transifex are incorporated.

Bugfixes

  • Fixed a log injection possibility by migrating remaining response logging to django.utils.log.log_response(), which safely escapes arguments such as the request path to prevent unsafe log output (CVE-2025-48432).

  • Fixed a regression in Django 5.2 that caused QuerySet.bulk_update() to incorrectly convert None to JSON null instead of SQL NULL for JSONField (#36419).

  • Fixed a regression in Django 5.2.2 where the q parameter was removed from the internal django.http.MediaType.params property (#36446).
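
The log injection item above, as an added illustration that is not Django's own code: using only the standard library logging module, it shows how a newline in a request path splits one log record into two lines, and how escaping string arguments before formatting keeps the record on a single line. The escape_log_args helper, the logger name and the sample path are assumptions constructed for this example.

```python
import io
import logging


def escape_log_args(args):
    """Escape control characters in string arguments; leave other types alone.

    Hypothetical helper for this example: non-str values (such as an int
    status code) pass through so %d-style placeholders keep working.
    """
    return tuple(
        a.encode("unicode_escape").decode("ascii") if isinstance(a, str) else a
        for a in args
    )


def render(message, *args, escape):
    """Emit one WARNING record to an in-memory stream; return the log lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("example.request")  # hypothetical logger name
    logger.propagate = False
    logger.handlers = [handler]
    logger.setLevel(logging.WARNING)
    logger.warning(message, *(escape_log_args(args) if escape else args))
    return stream.getvalue().splitlines()


# Constructed sample: a request path containing a newline followed by text
# shaped like a separate log record.
SAMPLE_PATH = "/missing\nERROR Internal Server Error: /admin/"
MESSAGE = "Not Found: %s (status %d)"


def demo():
    """Return (unescaped_lines, escaped_lines) for the constructed path."""
    raw = render(MESSAGE, SAMPLE_PATH, 404, escape=False)
    safe = render(MESSAGE, SAMPLE_PATH, 404, escape=True)
    return raw, safe


if __name__ == "__main__":
    raw, safe = demo()
    print(f"unescaped: {len(raw)} line(s): {raw}")
    print(f"escaped:   {len(safe)} line(s): {safe}")
```

A log reader or line-based parser sees the second unescaped line as an independent ERROR record; in the escaped output the newline appears as the two literal characters `\n` inside the single WARNING record.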