Security releases for django CMS 3.3 and 3.4
6 views
Skip to first unread message
Daniele Procida
Apr 26, 2017, 10:08:50 AM4/26/17
to django CMS developers, django CMS
We've issued security releases (3.4.3 and 3.3.4) for two medium-level vulnerabilities.
These updates prevent:
* a potential escalation of privileges through a django CMS page's Advanced Settings.
* a potential phishing attack using redirects from the login form
The updated releases are now available from our GitHub repository <https://github.com/divio/django-cms/> and PyPI <https://pypi.python.org/pypi/django-cms/>.
Divio Cloud users can update their django CMS installations via the control panel <https://control.divio.com/>.
Please see the notes on GitHub <https://github.com/divio/django-cms/issues/5938> for more details.
Thanks to Anthony Steinhauser and Mark Walker for the reports.
As ever, we remind our users and contributors that all security reports, patches and concerns be addressed only to our security team by email, at <secu...@django-cms.org>.
Please do not use GitHub, our email lists or IRC to report, address or otherwise discuss matters relating to security.
If you use django CMS in a critically-important application, please contact Divio for details of SLAs, that will give you access to patches and information about vulnerabilities before disclosures or releases are made public: <https://www.divio.com/en/solutions/enterprise-services/>.
On behalf of the team,
Daniele
These updates prevent:
* a potential escalation of privileges through a django CMS page's Advanced Settings.
* a potential phishing attack using redirects from the login form
The updated releases are now available from our GitHub repository <https://github.com/divio/django-cms/> and PyPI <https://pypi.python.org/pypi/django-cms/>.
Divio Cloud users can update their django CMS installations via the control panel <https://control.divio.com/>.
Please see the notes on GitHub <https://github.com/divio/django-cms/issues/5938> for more details.
Thanks to Anthony Steinhauser and Mark Walker for the reports.
As ever, we remind our users and contributors that all security reports, patches and concerns be addressed only to our security team by email, at <secu...@django-cms.org>.
Please do not use GitHub, our email lists or IRC to report, address or otherwise discuss matters relating to security.
If you use django CMS in a critically-important application, please contact Divio for details of SLAs, that will give you access to patches and information about vulnerabilities before disclosures or releases are made public: <https://www.divio.com/en/solutions/enterprise-services/>.
On behalf of the team,
Daniele
Reply all
Reply to author
Forward
0 new messages