django-announce Google Group

ANNOUNCE: Security bugfix releases

2008-05-14T05:13:02Z

In accordance with our security policy[1], a set of releases is being
issued tonight to fix a security vulnerability reported to the Django
project. This message contains a description of the vulnerability, a
description of the changes made to fix it, pointers to the the
relevant patches for each supported version of Django and pointers to

ANN: Security fix to i18n framework

2007-10-26T20:00:16Z

Hello folks --
Today we're releasing a fix for a security vulnerability discovered in
Django's internationalization framework. The complete details are below,
but the executive summary is that you should updated to a fixed version
of Django immediately.
We are releasing point-releases of all effected Django versions. You can

ANN: Upcoming backwards-incompatible changes to Django development version

2007-04-06T14:01:18Z

Hi all,
For a long time, we've recommended that people use the Django
development version instead of the latest Django release, as we try
hard to keep the development version stable. We're loosening that
policy, temporarily, for the immediate future, in order to make a
number of backwards-incompatible changes to the development version.

Announcing Django 0.96!

2007-03-23T21:32:09Z

We're pleased to announce the release of Django 0.96 today; this
release involves cleanup and stabilization of features from the 0.95
release, along with some nice new features: an integrated testing
framework, the first release of the newforms library, and a ton of
useful improvements.
There are also a few backwards-incompatible changes, documented in the

ANN: Fix for generic relations data-loss bug

2007-02-10T05:56:35Z

A bug in Django's generic-relations code was found which would cause
the 'delete()' method to delete more objects than it should have; this
was patched in Django trunk as changeset 4428[1] and in the 0.95-
bugfixes branch as changeset 4476[2].
Generic relations are a relatively new feature in Django, and are

ANN: Django 0.95.1 released

2007-01-23T15:42:33Z

Over the weekend we rolled out Django 0.95.1, a new minor release of
Django
which includes fixes for several bugs discovered in the original 0.95
release; 0.95.1 includes:
* A patch for a small security vulnerability in the script Django's
internationalization system uses to compile translation files.

ANN: User-creation hole fixed in Django development (Subversion) version

2006-09-08T06:04:10Z

Hello all,
Thanks to a report 30 minutes ago from Robert Bunting, we've fixed a
hole in the Django admin site that allows non-authenticated users to
create unprivileged user accounts by guessing a URL.
This affects people using the Django development version, revision
3520 or higher. It does *not* affect people running any official

ANN: Small security hole in compile-messages.py fixed

2006-08-16T06:31:53Z

The Django team discovered and fixed a small security hole in the
django/bin/compile-messages.py helper script, which is the script that
compiles message files (.po files) into binary format (.mo files).
The compile-messages.py script uses the name of the .po file to build
arguments to a system command, and it didn't sufficiently validate the