Tuesday, September 17, 2013

Security fix for Django and Review Board

Django 1.4.8 and 1.5.4 have been released to address a denial-of-service attack against Django's authentication framework. All users of Django are encouraged to upgrade immediately.

This security issue was reported through public channels and the Django team issued these security releases immediately, less than a week after the previous security fix announcement. More details can be found in the official Django announcement.

If you are running a BitNami Django-based application you can find how to upgrade Django on our wiki.

These Django releases are accompanied with the Review Board 1.7.14 release. Apart from updating to the latest security release for Django, this release of Review Board includes a handful of other bug fixes, including a small security fix affecting some users using private groups and repositories in the API. A complete list of fixes can be found in the Review Board release notes.

Our installers, virtual machine and cloud images for BitNami Django have already been updated. We will releasing an updated version for Review Board, Weblate and Pootle. We will also be removing older versions of the apps from existing cloud repositories such as Amazon and Azure, to prevent end users from inadvertently launching insecure versions of these apps.