From e3a9d9fbe8e858997f80be2c1e07f1ab50e65f25 Mon Sep 17 00:00:00 2001
From: jessicamack <jmack@redhat.com>
Date: Fri, 29 Aug 2025 15:57:16 -0400
Subject: [PATCH] [AAP-51443]CVE-2025-48432 (#7073)

* bump Django version to patch with additional hardening
---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index ddb7e0d2f4..28e0197cde 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -14,7 +14,7 @@ cryptography>=41.0.7  # CVE-2023-49083
 Cython<3 # due to https://github.com/yaml/pyyaml/pull/702
 daphne
 distro
-django==4.2.21  # CVE-2025-32873
+django==4.2.23  # CVE-2025-48432
 django-auth-ldap
 django-cors-headers
 django-crum
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 46aa707501..e2a9f964dd 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -138,7 +138,7 @@ deprecated==1.2.14
     #   pygithub
 distro==1.9.0
     # via -r /awx_devel/requirements/requirements.in
-django==4.2.21
+django==4.2.23
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   channels