[ANNOUNCE] Security releases issued (1.4.6, 1.5.2, 1.6b2)

Hi folks --

Today the Django team is issuing multiple releases -- Django 1.4.6, Django 1.5.2, and Django 1.6 beta 2 -- as part of our security process. These releases address two cross-site scripting (XSS) vulnerabilities: one in a widget used by Django's admin interface, and one in a utility function used to validate redirects often used after login or logout.

While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade when possible.

More details can be found on our blog:

    https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/

As a reminder, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django- developers list. Please see https://www.djangoproject.com/security for further information.

Jacob

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.