X, Owned by Elon Musk, Brings Antitrust Suit Accusing Advertisers of a Boycott – The New York Times
Elon Musk’s X files antitrust lawsuit against worldwide advertising group – Fox Business
Elon Musk’s X Sues Advertising Group Over Boycott That Allegedly Cost the Platform Billions – The Wall Street Journal
Elon Musk Sues Advertisers For ‘Massive Boycott’ After Twitter Takeover – HuffPost
Elon Musk’s X has lost tons of advertisers. The solution: sue them. – Business Insider
Category: tech
Apple Preparing iOS 17.6.1 Update Alongside iOS 18 and iOS 18.1 Betas – MacRumors
iOS 17.6.1—Apple Poised To Issue Unexpected New iPhone Update – Forbes
Apple stealthily adds minor features in iOS 17.6, macOS 14.6 releases – Ars Technica
iOS 17.6.1 coming soon for iPhone users – 9to5Mac
Apple Rolls Out Security Updates for iOS, macOS – SecurityWeek
After nine years, Google’s Nest Learning Thermostat gets an AI makeover – TechCrunch
Nest renewed: Google launches a complete redesign of the iconic smart thermostat – The Verge
Google’s Iconic Chromecast and Nest Learning Thermostat Are Getting Long-Awaited Upgrades – WIRED
Google has completely redesigned the Nest Learning Thermostat and upgraded its most handy features – TechRadar
The Nest Learning Thermostat is smarter and sleeker than ever – The Keyword | Google Product and Technology News
Django security releases issued: 5.0.8 and 4.2.15
In accordance with our security release policy, the Django team is issuing
releases for Django 5.0.8 and Django 4.2.15.
These releases address the security issues detailed below. We encourage all
users of Django to upgrade as soon as possible.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with a
large exponent.
Thanks to Elias Myllymäki for the report.
This issue has severity “moderate” according to the Django security policy.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
Thanks to MProgrammer for the report.
This issue has severity “moderate” according to the Django security policy.
CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget
widget, are subject to a potential denial-of-service attack via certain inputs
with a very large number of Unicode characters.
Thanks to Seokchan Yoon for the report.
This issue has severity “moderate” according to the Django security policy.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as a
passed *arg.
Thanks to Eyal Gabay of EyalSec for the report.
This issue has severity “moderate” according to the Django security policy.
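A defence-in-depth check for the CVE-2024-42005 case, added here as an example (it is not Django's code or its patch): validate caller-supplied field names before they reach `QuerySet.values()` or `values_list()` as `*args`. The field names, the `data` JSONField, the key pattern and the depth limit are assumptions of this sketch.

```python
import re

# Assumptions for this sketch: the model's selectable columns, and which of
# them is a JSONField. Neither name comes from the advisory.
ALLOWED_FIELDS = frozenset({"id", "name", "created", "data"})
JSON_FIELDS = frozenset({"data"})
# Conservative shape for a JSON object key used as a lookup segment.
SAFE_KEY = re.compile(r"[A-Za-z0-9_]{1,64}")
MAX_DEPTH = 4


class RejectedField(ValueError):
    """A caller-supplied field name failed validation."""


def safe_values_args(requested):
    """Return the names unchanged if every one is safe to pass as *args."""
    accepted = []
    for raw in requested:
        if not isinstance(raw, str):
            raise RejectedField(f"not a string: {raw!r}")
        field, *path = raw.split("__")
        if field not in ALLOWED_FIELDS:
            raise RejectedField(f"unknown field: {field!r}")
        if path and field not in JSON_FIELDS:
            raise RejectedField(f"key path on non-JSON field: {raw!r}")
        if len(path) > MAX_DEPTH:
            raise RejectedField(f"key path too deep: {raw!r}")
        for key in path:
            if not SAFE_KEY.fullmatch(key):
                raise RejectedField(f"unsafe JSON key: {key!r}")
        accepted.append(raw)
    return accepted


def is_rejected(name):
    """Convenience wrapper: True when a single name fails validation."""
    try:
        safe_values_args([name])
    except RejectedField:
        return True
    return False


# Constructed sample input, as it might arrive in a "?fields=" parameter.
# Intended use (hypothetical model): Report.objects.values(*safe_values_args(names))
print(safe_values_args(["id", "data__owner", "data__address__city"]))
print([n for n in ['data__a b', 'data__k"', 'password', 'name__x'] if is_rejected(n)])
```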
Affected supported versions
Django main branch
Django 5.1 (currently at release candidate status)
Django 5.0
Django 4.2
Resolution
Patches to resolve the issue have been applied to Django’s
main, 5.1, 5.0, and 4.2 branches.
The patches may be obtained from the following changesets.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
On the main branch
On the 5.1 branch
On the 5.0 branch
On the 4.2 branch
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
On the main branch
On the 5.1 branch
On the 5.0 branch
On the 4.2 branch
CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
On the main branch
On the 5.1 branch
On the 5.0 branch
On the 4.2 branch
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
On the main branch
On the 5.1 branch
On the 5.0 branch
On the 4.2 branch
The following releases have been issued
Django 5.0.8 (download Django 5.0.8 | 5.0.8 checksums)
Django 4.2.15 (download Django 4.2.15 | 4.2.15 checksums)
The PGP key ID used for this release is Sarah Boyce: 3955B19851EA96EF
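To triage pinned dependencies against the releases listed above, the following added example (not part of the Django announcement) classifies exact `==` pins of Django in requirements-style lines. The status labels and the sample lines are constructed for illustration; the page names no fixed 5.1 release, so a final 5.1 pin is reported as `unlisted`.

```python
import re

# Fixed patch release per supported series, taken from the advisory above.
FIXED = {(5, 0): 8, (4, 2): 15}

# Exact pin of the package named "django" (case-insensitive), optional comment.
PIN = re.compile(
    r"^\s*django\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?((?:a|b|rc)\d+)?\s*(?:#.*)?$",
    re.IGNORECASE,
)
# The bare name "django", not "django-filter" or "djangorestframework".
NAME = re.compile(r"^\s*django(?![\w.-])", re.IGNORECASE)


def classify(line):
    """None for non-Django lines, else affected / fixed / unlisted / review."""
    m = PIN.match(line)
    if not m:
        # Ranges, extras or unpinned entries need a manual look.
        return "review" if NAME.match(line) else None
    series = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    prerelease = m.group(4)
    if series in FIXED:
        if patch < FIXED[series] or (patch == FIXED[series] and prerelease):
            return "affected"
        return "fixed"
    if series == (5, 1) and patch == 0 and prerelease:
        return "affected"  # 5.1 was at release-candidate status
    return "unlisted"      # series not named in the advisory's release list


def audit(lines):
    """Return (line_number, status) for every Django entry found."""
    results = []
    for number, line in enumerate(lines, start=1):
        status = classify(line)
        if status is not None:
            results.append((number, status))
    return results


# Constructed sample requirements file.
SAMPLE = ["Django==5.0.7", "django-filter==24.2", "requests==2.32.3",
          "Django==4.2.15  # LTS", "Django==5.1rc1", "Django>=4.2"]
print(audit(SAMPLE))
```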
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email
to [email protected], and not via Django’s Trac instance, nor via
the Django Forum, nor via the django-developers list. Please see our security
policies for further information.
Google’s Iconic Chromecast and Nest Learning Thermostat Are Getting Long-Awaited Upgrades – WIRED
Nest renewed: Google launches a complete redesign of the iconic smart thermostat – The Verge
After nine years, Google’s Nest Learning Thermostat gets an AI makeover – TechCrunch
Google has completely redesigned the Nest Learning Thermostat and upgraded its most handy features – TechRadar
The Nest Learning Thermostat is smarter and sleeker than ever – The Keyword | Google Product and Technology News
Middle East Crisis Israel Conducts New West Bank Raids as Mideast Tensions Run High – The New York Times
Israel war on Gaza live: Eight killed in intense Israeli raids on West Bank – Al Jazeera English
West Bank: Ten Palestinians dead in latest violence – BBC.com
Israel-Hamas war latest: Palestinians killed in West Bank as world leaders try to avoid regional war – The Associated Press
8 Palestinians killed in West Bank during IDF counterterror operations – The Times of Israel
Israel stares down ‘ring of fire’ as Iran pledges retaliation – Fox News
US deploys fighter jets to Middle East base to ready for Iran attack – The Times of Israel
Washington and Arab states scramble to avert an all-out Middle East war – The Washington Post
Israelis remain calm and carry on in face of Iranian threat – Fox News
Iran prepping attack on Israel in response to Hamas leader assassination in Tehran – USA TODAY
Nikkei 225: Japanese stocks rebound from worst crash since 1987 while global markets are mixed – CNN
Japanese stocks rebound after global sell-off; U.S. futures edge up – The Washington Post
Japan’s Executives Struggle to Read Volatility in Stocks, Yen – Bloomberg
Stocks See Choppy Trading as Nerves Still Run High: Markets Wrap – Yahoo Finance
Japan’s share benchmark soars nearly 11 percent a day after massive sell-offs that shook Wall Street – The Boston Globe
The stock market slump doesn’t have to mean a recession is near – Axios
Opinion | The Economy Is Looking Pre-Recessionary – The New York Times
This Doesn’t Look Like Recession. Here’s How One Could Happen. – The Wall Street Journal
Is this a correction or a recession? What to know amid the international market plunge – USA TODAY
Opinion | We’re likely not in a recession — but we could talk ourselves into one – The Washington Post
JPMorgan Says Unraveling of Carry Trade Is Only Half Complete – Bloomberg
Why the Japanese Yen is triggering a global market selloff – Axios
What are carry trades and how did they contribute to this week’s global market mayhem? – The Associated Press
Correction in the dollar-yen was overdue and may be ‘healthy’ for markets, former ECB chief says – CNBC
Is the stock-market meltdown due to the unwind of this popular hedge-fund trade? – MarketWatch