Hello,

First of all, thank you very much for your work and effort.

I was wondering if it would be possible to cherry-pick the following commit (from this PR) to the version 3.14. It is a fairly simple fix for a potential security risk (reported by dependabot, moderate severity 6.1/10):

Cross-site Scripting in djangorestframework
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.

With version 3.15, significant design changes have been introduced that require considerable time to update. So cherry-picking this commit to address this potential security issue would help many projects by giving them more time to update smoothly.

I’d like to take the opportunity to point out that version 3.15.2 does not appear in the release list with its changelog, but it is available on Pypi.