Apply Django Security Patch v4.2.19 for Sumac

[magajh]

Apply latest Django patch https://docs.djangoproject.com/en/5.1/releases/4.2.19/
which contains latest security fix https://docs.djangoproject.com/en/5.1/releases/4.2.18/

Django 4.2.18 fixes a security issue with severity “moderate” in 4.2.17.
CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation¶

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.

Open edX services to upgrade (taken from https://openedx.atlassian.net/wiki/spaces/COMM/pages/4558782480/Sumac.master)

• course-discovery
• credentials
• edx-notes-api
• edx-platform
• enterprise-access
• enterprise-catalog
• event-bus-redis
• license-manager
• platform-plugin-aspects
• xqueue

[magajh]

@farhaanbukhsh @mariajgrimaldi Just tagging you both to check if it's possible to include these patches for Sumac.2.
For what it's worth, I don’t think this is a release blocker, but it would be nice to have

[farhaanbukhsh]

@magajh We have pushed the release to Wednesday because we wanted the security patches to get in Sumac.2? cc: @mariajgrimaldi

[mariajgrimaldi]

Hi there, thanks for the tag! I think it's worth trying to get this for Sumac. 2, even if it's an urgent patch.