Django 1.11.5 & 1.10.8 released with security fixes

Django 1.11.5 and 1.10.8 have been released. The main purpose of both versions is to fix a number of security issues, as follows:

CVE-2017-12794: Possible XSS in the traceback section of the technical 500 debug page

  • In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability should not affect most sites, because you should not run with DEBUG = True (which makes this page accessible) in a production environment.

Affected versions:

  • Django master development branch
  • Django 1.11
  • Django 1.10

According to the official supported versions policy, Django 1.9 is no longer supported. Django 1.8 is not affected.
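The affected-version list above can be turned into a quick triage of a deployment inventory. This is an added example, not code from Django or from the release notes; the host names, the inventory and the status labels are constructed for illustration, and only the version facts come from this page.

```python
import re

# Facts from this page: first fixed release per affected series, and series status.
FIXED = {(1, 10): (1, 10, 8), (1, 11): (1, 11, 5)}
NOT_AFFECTED = {(1, 8)}
UNSUPPORTED = {(1, 9)}


def parse_version(text):
    """Parse '1.11', '1.11.4' or '1.10.8.post1' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised Django version: %r" % text)
    return tuple(int(part or 0) for part in m.groups())


def triage(version, debug):
    """Classify one deployment for CVE-2017-12794 (labels are hypothetical)."""
    parsed = parse_version(version)
    series = parsed[:2]
    if series in NOT_AFFECTED:
        return "not affected"
    if series in UNSUPPORTED:
        return "unsupported series"
    fixed = FIXED.get(series)
    if fixed is None:
        return "series not covered by this advisory"
    # Compare as integer tuples so that 1.10.10 sorts after 1.10.8.
    if parsed >= fixed:
        return "patched"
    # The vulnerable debug page is only served when DEBUG = True.
    if debug:
        return "exposed: upgrade and set DEBUG = False"
    return "upgrade (debug page not reachable)"


# Constructed inventory: (host, installed Django version, DEBUG setting).
INVENTORY = [
    ("web-01", "1.11.4", True),
    ("web-02", "1.11.5", True),
    ("web-03", "1.10.7", False),
    ("legacy-01", "1.8.18", True),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(version, debug) for host, version, debug in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(host, "->", status)
```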

For the specific fixes and additional details, please refer to the respective release notes for 1.11.5 and 1.10.8. Users are advised to upgrade as soon as possible.

