django CMS security updates

Daniele Procida

April 26, 2017

security 3.3 3.4

Security releases for django CMS versions 3.4 and 3.3 address medium-level vulnerabilities. We recommend updating to version 3.4.3 or 3.3.4.

These updates prevent:

  • a potential escalation of privileges through a django CMS page's Advanced Settings.
  • a potential phishing attack using redirects from the login form.

The updated releases are now available from our GitHub repository and PyPI.

Divio Cloud users can update their django CMS installations via the control panel.

Please see the notes on GitHub for more details.

Thanks to Anthony Steinhauser and Mark Walker for the reports.

As ever, we remind our users and contributors that all security reports, patches and concerns should be addressed only to our security team by email, at [email protected].

Please do not use GitHub, our email lists or IRC to report, address or otherwise discuss matters relating to security.

django CMS SLAs for critical applications

Do you use django CMS in a critically important application? Please contact Divio for details of SLAs that will give you access to patches and information about vulnerabilities before disclosures or releases are made public.
 
