Changes between Version 7 and Version 8 of SecurityTeam


Timestamp:
Jun 18, 2025, 7:21:15 AM (3 months ago)
Author:
Natalia Bidart
Comment:

Added extra links for runserver response.

  • SecurityTeam

    v7 v8  
    4949=== Security issue in the development server (runserver) ===
    5050
    51 Thanks for the report and for taking the time to submit it through the appropriate channel.
    52 
    53 After review, we've determined that this issue only affects the development server used by runserver. As documented at [0]:
     51After review, we've determined that the reported issue only affects the development server used by runserver. As documented at [0]:
    5452
    5553"This lightweight development server has not gone through security audits or performance tests, hence is unsuitable for production. Making this server able to handle a production environment is outside the scope of Django."
    5654
     55Also, our security policy at [1] states that:
     56
     57"[...] This means the following scenarios do not require a security release: Exploits that only affect local development, for example when using runserver."
     58
    5759Because of this, the behavior you reported is not considered a security issue within the Django project. That said, we appreciate your diligence and have opened a public ticket to track a regular fix for this case, with appropriate credit for your report.
    5860
     61Thanks for taking the time to submit it through the appropriate channel.
     62
    5963[0] https://docs.djangoproject.com/en/stable/ref/django-admin/#django-admin-runserver
     64
     65[1] https://docs.djangoproject.com/en/stable/internals/security/#how-does-django-evaluate-a-report
    6066
    6167=== Unauthenticated cache purge ===
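
Review bot: In the added closing line (v8 line 61), "submit it" no longer has a clear antecedent, because the v7 wording "Thanks for the report and for taking the time to submit it" was cut down when the sentence moved from the top of the template to the end. Consider "Thanks for taking the time to submit your report through the appropriate channel." Line 59 also already ends with "we appreciate your diligence", so the two acknowledgements now sit back to back; folding the thanks into line 59 would avoid the repetition. The quoted policy text at v8 line 57 opens with "[...]", which is fine for a template, but the sentence it introduces ("This means the following scenarios...") reads more clearly if the elided part is summarized in the lead-in at line 55.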