| | 55 | |
| | 56 | Because of this, the behavior you reported is not considered a security issue within the Django project. |
| | 57 | |
| | 58 | Thanks for taking the time to submit it through the appropriate channel. |
| | 59 | |
| | 60 | === Private API === |
| | 61 | After review, we've determined that the reported issue only affects direct usage of private, undocumented functionality. As documented at [0]: |
| | 62 | |
| | 63 | > Django contains many private and undocumented functions that are not part of its public API. If a vulnerability depends on directly calling these internal functions in an unsafe way, it will not be considered a valid security issue. |
| | 64 | |
| | 65 | [0] https://docs.djangoproject.com/en/stable/internals/security/#code-under-test-must-feasibly-exist-in-a-django-project |