Security Releases: v0.2.3 and v0.2.2.1


Joshua Ginsberg

Nov 1, 2011, 10:37:13 AM
to django...@googlegroups.com
Good morning!

A security issue has been found in Piston that could result in remote code execution. As such, I've made two releases this morning.

First, Piston v0.2.3 includes the security fix as well as all changes that have not yet been codified in a release since 0.2.2, including playing nicely with the CSRF framework. Second, for those who have not tested the unreleased changes in their environment, Piston v0.2.2.1 includes only the security fix.

All sites using Piston should upgrade to one of the two of these releases. If you're maintaining your own fork, you should port the changesets to your codebase.

Please let me know if you have any questions or concerns, and thanks to d...@d1b.org for bringing the security issue to our attention. Thanks!

-jag

-- 
Joshua Ginsberg <j...@flowtheory.net>
Principal - FlowTheory Networks, LLC

Umbrae

Nov 1, 2011, 1:52:05 PM
to django...@googlegroups.com
For those of you maintaining your own forks, the fix is here: https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543