Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Fedora 44 Python-Django-Haystack Faces Critical Deserialization Risk

fedora
Calendar Grey June 30, 2026
Dist Fedora Esm H88
Fixes critical deserialization issue in python-django-haystack on Fedora 44, ensuring enhanced system security and stability.
Fixes GHSA-r3hx-x5rh-p9vv: via eval() in Elasticsearch Result Deserialization https://github.com/django-haystack/django- haystack/security/advisories/GHSA-r3hx-x5rh-p9vv What's Cha...

Summary

Haystack provides modular search for Django. It features a unified, familiar

API that allows you to plug in different search backends (such as Solr,

Elasticsearch, Whoosh, Xapian, etc.) without having to modify your code.

Haystack is BSD licensed, plays nicely with third-party app without needing to

modify the source and supports advanced features like faceting, More Like This,

highlighting, spatial search and spelling suggestions.

You can find more information at http://haystacksearch.org/.

Update Information:

Fixes GHSA-r3hx-x5rh-p9vv: via eval() in Elasticsearch Result Deserialization https://github.com/django-haystack/django- haystack/security/advisories/GHSA-r3hx-x5rh-p9vv What's Changed https://github.com/django-haystack/django-haystack/releases/tag/v3.4.0 Remove obsolete ElasticSearch2 support and tests by @claudep in https://github.com/django-haystack/django-haystack/pull/1978 Add Django v5.1 to the testing by @cclauss in https://github.com/django- haystack/django-haystack/pull/1991 GitHub Actions: Add Python 3.13 to the testing by @cclauss in https://github.com/django-haystack/django-haystack/pull/1997 Fix typo. by @andresmrm in https://github.com/django-haystack/django- haystack/pull/1998 Fix RelatedSearchQueryset.load_all() truncating results by @craigds in https://github.com/django-haystack/django-haystack/pull/2012 [FIXED] -- handle trailing slash in Solr index URL for core reload. by @DhavalGojiya in https://github.com/django-haystack/django-haystack/pull/1968...

Change Log

* Mon Jun 22 2026 Michel Lind - 3.4.0-1 - Update to 3.4.0 upstream release - Resolves: rhbz#2484926 - Enable Packit * Thu Jun 4 2026 Python Maint - 3.3.0-8 - Rebuilt for Python 3.15

References


[ 1 ] Bug #2484926 - python-django-haystack-3.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484926

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3e10194134' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-django-haystack
Product: Fedora 44
Version: 3.4.0
Release: 1.fc44
Summary: Pluggable search for Django

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here