I recently upgraded the application I work on from Django version 4.2.24 to 4.2.26, and after running our full suite of tests we found that some of our functionality was broken by the changes to resolve CVE-2025-27556. We are generating pre-signed URLs to S3 resources with boto which are used to fetch job results created by our application, and at least some of these URLs are over the 2048 MAX_URL_LENGTH introduced by [4.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpRespon… · django/django@770eea3 · GitHub.
My big problem here is that our application is not designed to run on Windows hardware and so this security fix is entirely a moot point unless I’m misunderstanding something. Yet the configuration was imposed on us and now we are required to either update our application logic or be stuck on versions prior to this series of patches.
Does anyone else have this issue? Can anyone make any recommendations? I really don’t want to have to fork the Django repo just for this… Any help is appreciated.