From a88e47930c022c5ae0ab02f998fbe5d62859c32f Mon Sep 17 00:00:00 2001
From: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Date: Wed, 27 Sep 2023 09:36:02 -0400
Subject: [PATCH] Update django version to address CVE-2023-41164 (#14460)

---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index e31d0f24f4..5cb95f8394 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -12,7 +12,7 @@ cryptography>=41.0.2  # CVE-2023-38325
 Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
 daphne
 distro
-django==4.2.3  # see UPGRADE BLOCKERs CVEs were identified in 4.2, pinning to .3
+django==4.2.5  # see UPGRADE BLOCKERs, CVE-2023-41164
 django-auth-ldap
 django-cors-headers
 django-crum
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 8b46d049b8..c49d6079ea 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -103,7 +103,7 @@ deprecated==1.2.13
     # via jwcrypto
 distro==1.8.0
     # via -r /awx_devel/requirements/requirements.in
-django==4.2.3
+django==4.2.5
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   channels