
Django releases 6.0.6 and 5.2.15 to address security vulnerabilities

Aggregated by BrevFeed security · updated 10h ago

Django has released updates 6.0.6 and 5.2.15 to fix several low-severity security vulnerabilities. Users are advised to upgrade promptly to mitigate potential risks concerning cookie signing, email transmission, and caching behavior.

Key points

Overview of New Django Security Releases

The Django team has issued security releases 6.0.6 and 5.2.15. These versions matter for all Django users, as they fix multiple security issues tracked under the CVEs below. Users are strongly encouraged to upgrade to these versions as soon as possible.

Details of Security Vulnerabilities

CVE-2026-6873 addresses a signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie, which could lead to cookie misinterpretation across different contexts. The signing salt derivation has been improved to be unambiguous, and older signed cookies will still be accepted until Django 7.0 for backward compatibility.
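The class of bug described above, a signing namespace that is derived ambiguously so that two different (cookie name, salt) contexts can end up with the same key, is easiest to see with a small standalone signer. The block below is an added illustration and is not Django's code nor its actual fix: `ambiguous_salt` models a derivation by plain concatenation, `unambiguous_salt` a length-prefixed one, and `sign_cookie`/`verify_cookie`, the HMAC construction and the constructed `SECRET_KEY` are all assumptions of this example.

```python
import hashlib
import hmac
from typing import Callable, Optional

# Constructed secret for this demonstration only.
SECRET_KEY = b"demo-secret-key-not-for-production"


def ambiguous_salt(cookie_name: str, salt: str) -> bytes:
    """Plain concatenation: ("ab", "c") and ("a", "bc") both become b"abc",
    so two different (cookie name, salt) pairs share one signing namespace."""
    return (cookie_name + salt).encode()


def unambiguous_salt(cookie_name: str, salt: str) -> bytes:
    """Length-prefix every component so that distinct pairs never map to the
    same byte string, whatever characters the names contain."""
    out = b""
    for part in (cookie_name, salt):
        raw = part.encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out


def _derive_key(cookie_name: str, salt: str,
                derive: Callable[[str, str], bytes]) -> bytes:
    # Bind the per-cookie namespace into the HMAC key: SHA-256(salt || 0x00 || secret).
    return hashlib.sha256(derive(cookie_name, salt) + b"\x00" + SECRET_KEY).digest()


def sign_cookie(value: str, cookie_name: str, salt: str = "",
                derive: Callable[[str, str], bytes] = unambiguous_salt) -> str:
    """Return "<value>:<hex HMAC>" bound to the (cookie_name, salt) context."""
    key = _derive_key(cookie_name, salt, derive)
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{mac}"


def verify_cookie(signed: str, cookie_name: str, salt: str = "",
                  derive: Callable[[str, str], bytes] = unambiguous_salt) -> Optional[str]:
    """Return the value if the signature is valid for this context, else None."""
    value, sep, mac = signed.rpartition(":")
    if not sep:
        return None
    expected = sign_cookie(value, cookie_name, salt, derive).rpartition(":")[2]
    return value if hmac.compare_digest(mac, expected) else None


if __name__ == "__main__":
    token = sign_cookie("42", "ab", "c", ambiguous_salt)
    # With plain concatenation the token also verifies for cookie "a", salt "bc".
    print("ambiguous cross-context accept:", verify_cookie(token, "a", "bc", ambiguous_salt))
    token = sign_cookie("42", "ab", "c")
    print("unambiguous cross-context accept:", verify_cookie(token, "a", "bc"))
```

The point to check in any signing helper is that the inputs to the key derivation are delimited or length-prefixed, not merely joined: with joining, a value signed in one context verifies in another whose name and salt happen to concatenate to the same string.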

CVE-2026-7666 highlights a potential issue in the SMTP backend where a failed STARTTLS handshake can leave a connection in a partially-initialized state, allowing unencrypted email transmission if not carefully managed. This does not affect connections set to EMAIL_USE_SSL.
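The defensive pattern behind the STARTTLS fix is that a connection on which the TLS upgrade did not complete must be closed and discarded, never kept for a later send. The block below is an added example, not Django's SMTP backend: `MailSender`, `TLSHandshakeError`, the `connect` factory indirection and the `FakeSMTP` server are all constructed for this illustration; only the `smtplib.SMTP` method names (`ehlo`, `starttls`, `sendmail`, `close`, `quit`) and the 220 reply code are real.

```python
import smtplib
from typing import Callable, List, Optional


class TLSHandshakeError(RuntimeError):
    """Raised when STARTTLS does not complete; the connection is not reusable."""


class MailSender:
    """Holds at most one SMTP connection, and only ever a fully set up one.

    `connect` is any zero-argument callable returning an object with the
    smtplib.SMTP interface; the indirection lets the logic run offline
    against a fake server.
    """

    def __init__(self, connect: Callable[[], smtplib.SMTP], use_tls: bool = True) -> None:
        self._connect = connect
        self._use_tls = use_tls
        self.connection: Optional[smtplib.SMTP] = None

    def open(self) -> None:
        if self.connection is not None:
            return
        conn = self._connect()
        try:
            conn.ehlo()
            if self._use_tls:
                # smtplib.SMTP.starttls() returns (code, message) and raises
                # SMTPResponseException itself on a non-220 reply; the explicit
                # check also covers wrappers that only return the code.
                code, _ = conn.starttls()
                if code != 220:
                    raise TLSHandshakeError(f"STARTTLS refused with {code}")
                conn.ehlo()  # re-identify over the now-encrypted channel
        except Exception:
            # Never keep a half-initialised connection: close it and make sure
            # no later send() can pick it up while it is still plaintext.
            try:
                conn.close()
            finally:
                self.connection = None
            raise
        self.connection = conn

    def send(self, sender: str, recipients: List[str], body: str) -> None:
        if self.connection is None:
            raise RuntimeError("no open connection; call open() first")
        self.connection.sendmail(sender, recipients, body)

    def close(self) -> None:
        if self.connection is not None:
            try:
                self.connection.quit()
            finally:
                self.connection = None


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP with a configurable STARTTLS reply."""

    def __init__(self, starttls_code: int = 454) -> None:
        self.starttls_code = starttls_code
        self.closed = False
        self.tls_active = False
        self.sent: List[str] = []

    def ehlo(self):
        return 250, b"ok"

    def starttls(self):
        if self.starttls_code == 220:
            self.tls_active = True
        return self.starttls_code, b"handshake result"

    def sendmail(self, sender, recipients, body):
        self.sent.append(body)

    def close(self):
        self.closed = True

    def quit(self):
        self.closed = True
        return 221, b"bye"


def demo(starttls_code: int) -> dict:
    """Open and send through a fake server; report what the sender ended up doing."""
    server = FakeSMTP(starttls_code)
    sender = MailSender(lambda: server)
    try:
        sender.open()
        sender.send("a@example.com", ["b@example.com"], "hello")
        ok = True
    except TLSHandshakeError:
        ok = False
    return {"sent": len(server.sent), "connection_kept": sender.connection is not None,
            "closed": server.closed, "tls": server.tls_active, "ok": ok}
```

Running `demo(454)` (a refused upgrade) should leave nothing sent, the socket closed and no cached connection, while `demo(220)` sends over the encrypted channel. Any backend that caches a connection object needs the same invariant: the reference is assigned only after the last setup step succeeds.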

CVE-2026-8404 points to potential private data exposure due to handling Cache-Control directives incorrectly in UpdateCacheMiddleware, which could cache responses marked as private.
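Whether a server-side page cache may store a response hinges on parsing Cache-Control correctly: the `private` directive must be recognised case-insensitively and also in its quoted form (`private="Set-Cookie"`), whose argument may itself contain commas. The following is an added example of such a check, not Django's UpdateCacheMiddleware or its fix; `parse_cache_control`, `shared_cache_may_store` and its storage policy (no-store, no-cache and private never stored, a zero TTL never stored, no TTL stored only when explicitly public) are this example's own assumptions.

```python
from typing import Dict, List, Optional


def _split_directives(header: str) -> List[str]:
    """Split on commas that are outside quoted strings."""
    parts, buf, in_quotes, escape = [], [], False, False
    for ch in header:
        if escape:
            buf.append(ch)
            escape = False
        elif ch == "\\" and in_quotes:
            buf.append(ch)
            escape = True
        elif ch == '"':
            in_quotes = not in_quotes
            buf.append(ch)
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cache_control(header: str) -> Dict[str, Optional[str]]:
    """Parse a Cache-Control value into {directive: argument or None}.

    Directive names are lower-cased; quoted arguments are unquoted so that
    private="Set-Cookie, X-Token" is one directive, not two."""
    result: Dict[str, Optional[str]] = {}
    for part in _split_directives(header):
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1].replace('\\"', '"')
        result[name] = arg if arg else None
    return result


def shared_cache_may_store(cache_control: Optional[str]) -> bool:
    """Conservative storage decision for a shared (server-side) cache."""
    if not cache_control:
        return False  # no stated policy: do not store
    d = parse_cache_control(cache_control)
    # private and no-store forbid storage in a shared cache outright; no-cache
    # requires revalidation on every use, which a plain page cache cannot do.
    if "no-store" in d or "private" in d or "no-cache" in d:
        return False
    ttl = d.get("s-maxage", d.get("max-age"))
    if ttl is None:
        return "public" in d
    try:
        return int(ttl) > 0
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed header values illustrating the decisions.
    for value in ("max-age=600", "private, max-age=600", "Private,max-age=600",
                  'private="Set-Cookie, X-Token", max-age=600', "no-store", "max-age=0"):
        print(f"{value!r:48} -> {shared_cache_may_store(value)}")
```

A useful regression check for any caching layer is exactly this table of header values: the mixed-case and quoted `private` forms are the ones a naive substring or exact-match test tends to miss.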

Request for User Action

Django users should prioritize upgrading to versions 6.0.6 and 5.2.15 to avoid the aforementioned vulnerabilities. These issues are classified as low severity, but prompt action can help maintain the security of web applications built using Django. Vigilance in updating dependencies is essential in the evolving landscape of web security.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Primary sources

GitHub django/django

CVE-2026-6873 · 3.1 LOW
CVE-2026-7666 · 3.1 LOW
CVE-2026-8404 · 3.1 LOW
CVE-2026-35193 · 3.1 LOW
CVE-2026-48587 · 3.1 LOW
