id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26628	Log CSRF failures to django.security instead of django.request	Jacob Kaplan-Moss	Holly Becker	"It's currently possible to log CSRF exceptions with the 403 handler. But a more sensible default would be to log them by default. This would be an easy simple step that would make Django play more nicely with a SIEM

[One of a series of bugs from a discussion I had with @mallyvai about improving the security of Django's admin - see https://gist.github.com/mallyvai/bcb0bb827d6d53212879dff23cf15d03 for the full list.]

"	Cleanup/optimization	closed	CSRF	1.9	Normal	fixed	csrf security		Accepted	1	0	0	0	1	0