Posted by Matt on Feb. 11, 2011 at 23:55
Along with the Django 1.2.5 security release, there was also a 1.1.4 for the people who havn't upgraded.
"Today the Django team is issuing multiple releases -- Django 1.2.5 and Django 1.1.4 -- to remedy three security issues reported to us. All users of affected versions of Django are urged to upgrade immediately."
Fixes include; "Flaw in CSRF handling" and "Potential XSS in file field rendering"
Comments