The Django team announced the release of Django 1.2.3 early this morning. All users are encouraged to upgrade as soon as possible.

This release fixes several problems including:

  • Non-ASCII responses using cross-site request forgery (CSRF) tokens were broken by a patch applied in Django 1.2.2.
  • That same patch also caused problems with some forms. Affected forms include the user-editing forms in the admin interface.
  • The package manifest did not include a complete list of files.

The patch that created the first two problems was implemented to address a security issue in which an attacker could use a flaw in the CSRF protection scheme to launch cross-site scripting (XSS) attacks.