Django 1.6.4 release notes Bugfixes Django 1.6.4 release notes April 28, 2014 Django 1.6.4 fixes several bugs in 1.6.3. Bugfixes Added backwards compatibility support for...

Django 1.6.5 release notes Issue: Caches may incorrectly be allowed to store and serve private data Issue: Malformed redirect URLs from user input not correctly validated Bugfixe...

Django 1.8.3 release notes Denial-of-service possibility by filling session store Header injection possibility since validators accept newlines in input Denial-of-service possibi...

Django 1.8.11 release notes Django 1.8.11 release notes March 5, 2016 Django 1.8.11 fixes a regression on Python 2 in the 1.8.10 security release where utils.http.is_safe_url(...

Django 1.9 release notes Python compatibility What’s new in Django 1.9 Performing actions after a transaction commit Password validation Permission mixins for class-based views ...

Django 1.9.3 release notes CVE-2016-2512: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth CVE-2016-2513: User enumeration through ...

Django 1.9.4 release notes Django 1.9.4 release notes March 5, 2016 Django 1.9.4 fixes a regression on Python 2 in the 1.9.3 security release where utils.http.is_safe_url() c...

Django 1.9.10 release notes CSRF protection bypass on a site with Google Analytics Django 1.9.10 release notes September 26, 2016 Django 1.9.10 fixes a security issue in 1.9....

Django 1.9.11 release notes User with hardcoded password created when running tests on Oracle DNS rebinding vulnerability when DEBUG=True Django 1.9.11 release notes Novembe...

Django 1.9.12 release notes Bugfixes Django 1.9.12 release notes December 1, 2016 Django 1.9.12 fixes a regression in 1.9.11. Bugfixes Quoted the Oracle test user’s passw...