Is it possible to apply a security patch to version 3.14?

[SorianoMarmol]

Hello,

First of all, thank you very much for your work and effort.

I was wondering if it would be possible to cherry-pick the following commit (from this PR) to the version 3.14. It is a fairly simple fix for a potential security risk (reported by dependabot, moderate severity 6.1/10):

Cross-site Scripting in djangorestframework
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.

With version 3.15, significant design changes have been introduced that require considerable time to update. So cherry-picking this commit to address this potential security issue would help many projects by giving them more time to update smoothly.

I’d like to take the opportunity to point out that version 3.15.2 does not appear in the release list with its changelog, but it is available on Pypi.

[browniebroke]

I was wondering if it would be possible to cherry-pick the following commit (from this #9435) to the version 3.14

Sorry but no. We're not backporting fixes to 3.14.x releases, we don't really have the bandwidth to do so.

I’d like to take the opportunity to point out that version 3.15.2 does not appear in the release list with its changelog, but it is available on PyPI.

That's now fixed

With all that in mind, I'm goign to close this. Thanks for your suggestions.