Django 1.2.3 Released

Django LogoThe Django team announced the release of Django 1.2.3 early this morning. All users are encouraged to upgrade as soon as possible.

This release fixes several problems including:

  • Non-ASCII responses using cross-site request forgery (CSRF) tokens were broken by a patch applied in Django 1.2.2.
  • That same patch also caused problems with some forms. Affected forms include the user-editing forms in the admin interface.
  • The package manifest did not include a complete list of files.

The patch that created the first two problem was implemented to address an security issue in which an attacker could use a flaw in the CSRF protection scheme to launch cross-site scripting (XSS) attacks.

My Bookshelf

Reading Now

Other Stuff