| Blog Info | The Django weblog |
|---|---|
| Blog website | Link |
Feb. 4, 2026 » The Django weblog » [Archived Version]
Yesterday, Django issued security releases mitigating six vulnerabilities of varying severity. Django is a secure web framework, and that hasn’t changed. What feels new is the remarkable consistency across the reports we receive now. Almost every report now is a variation on a prior vulnerability. Instead of uncovering new classes of issues, these reports explore how an underlying pattern from a recent advisory might surface in a similar code path or under a slightly different configuration. Th…
Feb. 3, 2026 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.2, Django 5.2.11, and Django 4.2.28. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate use…
Jan. 6, 2026 » The Django weblog » [Archived Version]
Today we've issued the 5.2.10 and 6.0.1 bugfix releases. The release packages and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for these releases is Jacob Walls: 131403F4D16D8DC7
Oct. 1, 2025 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.7, Django 5.1.13, and Django 4.2.25. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB
QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods were subject to SQL injection…