Hi folks --
At last week's Black Hat conference, researchers announced the BREACH
attack (http://breachattack.com/), a new attack on web apps that can
recover data even when secured with SSL connections. Given what we know so
far, we believe that BREACH may be used to compromise Django's CSRF
protection. Thus, we're issuing a security advisory so that our users can
defend themselves.
You can read more details, including how the steps you can take to prevent
yourself against this attack, on our blog:
https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
We plan to take steps to address BREACH in Django itself, but in the
meantime we recommend that all users of Django understand this
vulnerability and take action if appropriate.
Jacob
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
For more options, visit https://groups.google.com/groups/opt_out.
