On 05/20/2015 10:10 PM, Markus Holtermann wrote:
Today the Django team issued Django 1.8.2 as part of our security process. This releases address a security issue, and we encourage all users to upgrade as soon as possible.
More details can be found on our blog:
https://www.djangoproject.com/weblog/2015/may/20/security-release/
As a reminder, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see https://www.djangoproject.com/security for further information.
Hi Markus, first at all thank you very much that you are so kind to inform us about django advisories, its appreciated to get informed... But after a while we realized that (besides our mailing list) we do not see any email notifications. You should consider to send this advisory announcement to oss-security@lists.openwall.com instead of posting it to the arch (only) security list. The reason behind this is that we think oss-security is a better place to inform a wider range of people about django advisories. In general we try not to become a mirror or rival to general security and advisory announcing mailinglists. We are watching / monitoring the oss-security list, so for the Arch Linux package mitigation point of view there will be no difference in posting it to oss-security. I'm sure a lot of non Arch Linux related people will appreciate it to get informed there. cheers, Levente