From 51f9160654e3e861bcbdc767ae47b17442a10164 Mon Sep 17 00:00:00 2001
From: jessicamack <jmack@redhat.com>
Date: Tue, 8 Apr 2025 12:07:22 -0400
Subject: [PATCH] Fix CVE 2025-26699 (#15924)

fix CVE 2025-26699
---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index 45ad8dd530..c2e2b8d6e0 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -14,7 +14,7 @@ cryptography<42.0.0  # investigation is needed for 42+ to work with OpenSSL v3.0
 Cython
 daphne
 distro
-django==4.2.16  # CVE-2024-24680
+django==4.2.20  # CVE-2025-26699
 django-cors-headers
 django-crum
 django-extensions
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 941d251dbf..6cb67b3280 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -122,7 +122,7 @@ deprecated==1.2.15
     #   pygithub
 distro==1.9.0
     # via -r /awx_devel/requirements/requirements.in
-django==4.2.16
+django==4.2.20
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   channels
@@ -167,7 +167,9 @@ djangorestframework-yaml==2.0.0
 durationpy==0.9
     # via kubernetes
 dynaconf==3.2.10
-    # via -r /awx_devel/requirements/requirements.in
+    # via
+    #   -r /awx_devel/requirements/requirements.in
+    #   django-ansible-base
 enum-compat==0.0.3
     # via asn1
 filelock==3.16.1