Due to the new MAX_URL_LENGTH const introduced due to CVE-2025-64458 leads to errors within our authentication stack as we have redirect URL that are longer than MAX_URL_LENGTH. Hence, with the patch release 4.2.26 new users cannot provision their accounts.
Would it be possible to make MAX_URL_LENGTH an env variable instead of a const? Then users of Django have the choice whether they want to use the safe default or use an own value.