Full information is available on the Django project weblog:
http://www.djangoproject.com/weblog/2009/jul/28/security/

These releases are strongly recommended upgrades for users of affected
Django versions (1.0.X, 0.96.X).

Django 1.1, which is due to be released within a few hours, will also
include this update, as well as a second security-related change
detailed in the blog post listed above.

Also, please note that with the release of Django 1.1 tonight, the
Django 0.96.X release series will reach end-of-life; after tonight's
0.96.4 there will be no further official releases in that series.

--
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."