Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Fix Critical Deserialization Issue in Fedora 43 python-django-haystack

fedora
Calendar Grey June 30, 2026
Dist Fedora Esm H88
Eliminate a critical deserialization flaw in python-django-haystack on Fedora 43 to prevent remote code execution risks.
Fixes GHSA-r3hx-x5rh-p9vv: via eval() in Elasticsearch Result Deserialization https://github.com/django-haystack/django- haystack/security/advisories/GHSA-r3hx-x5rh-p9vv What's Cha...

Summary

Haystack provides modular search for Django. It features a unified, familiar

API that allows you to plug in different search backends (such as Solr,

Elasticsearch, Whoosh, Xapian, etc.) without having to modify your code.

Haystack is BSD licensed, plays nicely with third-party app without needing to

modify the source and supports advanced features like faceting, More Like This,

highlighting, spatial search and spelling suggestions.

You can find more information at http://haystacksearch.org/.

Update Information:

Fixes GHSA-r3hx-x5rh-p9vv: via eval() in Elasticsearch Result Deserialization https://github.com/django-haystack/django- haystack/security/advisories/GHSA-r3hx-x5rh-p9vv What's Changed https://github.com/django-haystack/django-haystack/releases/tag/v3.4.0 Remove obsolete ElasticSearch2 support and tests by @claudep in https://github.com/django-haystack/django-haystack/pull/1978 Add Django v5.1 to the testing by @cclauss in https://github.com/django- haystack/django-haystack/pull/1991 GitHub Actions: Add Python 3.13 to the testing by @cclauss in https://github.com/django-haystack/django-haystack/pull/1997 Fix typo. by @andresmrm in https://github.com/django-haystack/django- haystack/pull/1998 Fix RelatedSearchQueryset.load_all() truncating results by @craigds in https://github.com/django-haystack/django-haystack/pull/2012 [FIXED] -- handle trailing slash in Solr index URL for core reload. by @DhavalGojiya in https://github.com/django-haystack/django-haystack/pull/1968...

Change Log

* Mon Jun 22 2026 Michel Lind - 3.4.0-1 - Update to 3.4.0 upstream release - Resolves: rhbz#2484926 - Enable Packit * Thu Jun 4 2026 Python Maint - 3.3.0-8 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 3.3.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2484926 - python-django-haystack-3.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484926

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1d2c7eaa2f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-django-haystack
Product: Fedora 43
Version: 3.4.0
Release: 1.fc43
Summary: Pluggable search for Django

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here