Posted on 08.03.2012 by Kai Diefenbach within django, news, python
This is an announcement of a security vulnerability in LFS.
We are publishing multiple releases for all affected versions now. All users of LFS are urged to upgrade immediately.
Versions affected
0.5.x, 0.6.x, 0.7.x
Resolution
Patches will be applied to the tip of all version branches. Releases for all affected versions will be provided.
Installation
The installation should be straightforward. Just replace your current version of django-lfs with the new release and restart your instance. This can be done in several ways, depending on your current installation. For instance, you can update the version of django-lfs within buildout.cfg and re-run the buildout, or you can install a completely new instance and point it to your current database and media files. Make sure that you are using the correct version branch.
You can find the different installers here:
If you have questions, don't hesitate to get in contact:
If you need professional support, please look here:
Credit
Thanks to Maciej Wisniowski (natcam.pl) who found the issue, handled it in a most responsible way and helped to provide the patches.
General
If you find a security-relevant issue, please report it via private mail to security@getlfs.com.