Django 2.0.8 release notes — Django documentation
From Get docs
Django/docs/3.2.x/releases/2.0.8
Django 2.0.8 release notes
August 1, 2018
Django 2.0.8 fixes a security issue and several bugs in 2.0.7.
CVE-2018-14574: Open redirect possibility in CommonMiddleware
If the CommonMiddleware and the :setting:`APPEND_SLASH` setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
CommonMiddleware
now escapes leading slashes to prevent redirects to other domains.
Bugfixes
- Fixed a regression in Django 2.0.7 that broke the
regex
lookup on MariaDB (even though MariaDB isn’t officially supported) (:ticket:`29544`). - Fixed a regression where
django.template.Template
crashed if thetemplate_string
argument is lazy (:ticket:`29617`).