> Today the Django team is issuing multiple releases -- Django 1.4.6, Django 1.5.2, and Django 1.6 beta 2 -- as part of our security process. These releases are now available on PyPI and our download page
> These releases address two cross-site scripting (XSS) vulnerabilities: one in a widget used by Django's admin interface, and one in a utility function used to validate redirects often used after login or logout.
> While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade when possible.