Version 3 (modified by Sarah Boyce, 32 hours ago)

Added confirmation of vulnerability template

Security Team

This page is used by the security team to help with the process of analyzing and replying to security reports.

Canned Responses

Report acknowledgement

Hi,

Thank you for the report!

We will investigate and get back to you soon.

Please keep this private until we complete our analysis.

Note that it can take several weeks before we have completed our analysis. There is no need to chase the security team unless you discover new, relevant information. All reports aim to be resolved within the industry-standard 90 days.

Confirmation of vulnerability

Hello {{ name }},

Thank you for your report and patience. We have confirmed the vulnerability, which has been assigned {{ cve_number }}.

I have attached our proposed mitigation solution. Could you please test the patch to ensure it reliably fixes the issue?

We plan to mention the discoverer of the vulnerability in a blog post. Is "{{ name }}" okay, or would you prefer to be credited differently?

The Django release with this fix is currently planned for {{ planned_release_date }}. Please keep this private until after the updated versions are published.

Thank you again!
