django CMS security updates
Security releases for django CMS versions 3.4 and 3.3 address medium-level vulnerabilities. We recommend updating to version 3.4.3 or 3.3.4.
These updates prevent:
- a potential escalation of privileges through a django CMS page's Advanced Settings.
- a potential phishing attack using redirects from the login form
Divio Cloud users can update their django CMS installations via the control panel.
Please see the notes on GitHub for more details.
As ever, we remind our users and contributors that all security reports, patches and concerns be addressed only to our security team by email, at [email protected].
Please do not use GitHub, our email lists or IRC to report, address or otherwise discuss matters relating to security.