The Django team announced the release of Django 1.2.3 early this morning. All users are encouraged to upgrade as soon as possible.
This release fixes several problems, including:
- Non-ASCII responses using cross-site request forgery (CSRF) tokens were broken by a patch applied in Django 1.2.2.
- That same patch also caused problems with some forms. Affected forms include the user-editing forms in the admin interface.
- The package manifest did not include a complete list of files.
The patch that created the first two problems was implemented to address a security issue in which an attacker could use a flaw in the CSRF protection scheme to launch cross-site scripting (XSS) attacks.