Concerning CVE-2018-14574: is there an open redirect possibility in CommonMiddleware of version 1.9.5

Christophe Dupouy

Aug 23, 2018, 7:30:51 AM
to Django users
I understand that, per your supported versions policy, Django 1.10 and older are no longer supported.
But can you indicate to me whether there is an open redirect possibility in CommonMiddleware of version 1.9.5?
If it is not affected, I want to avoid having to find resources (money and people) to perform specific non-regression tests of my solution in order to upgrade to Django security release 1.11.15.

Tim Graham

Aug 23, 2018, 9:00:03 AM
to Django users
I didn't confirm it, but according to the comments at the bottom of https://github.com/django/django/commit/a656a681272f8f3734b6eb38e9a88aa0d91806f1, Django 1.9 and later are affected.