Wednesday, March 2, 2016

Security Release: Django 1.8.10 and 1.9.3

The Django project has released new versions that fix two security issues:

  • CVE-2016-2512: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
  • CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade

Read more about the security issues on the Django blog.

We want to let Bitnami users know that Django 1.8.10 and Django 1.9.3 installers, virtual machines and cloud images have been updated and released. We strongly suggest that you update your Django applications to the latest version.

Do you have questions about Bitnami Django or the security issues? Please post to our community forum and we will be happy to help.