You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi there! Happy new year! I am Jiacheng Zhong, a security researcher, currently affliated with Johns Hopkins University, you can call me Gavin. Me and my collaborator identified a highly severe vulnerability in django-unicorn, which impacts all versions application and easily exploitable, leading to stored XSS attack.
The following versions of Django Unicorn are currently supported for security updates:
6
+
7
+
| Version | Supported |
8
+
| ------- | ------------------ |
9
+
| 0.61.x | ✅ Fully supported |
10
+
11
+
Please ensure you are using the latest version to receive security updates.
12
+
13
+
---
14
+
15
+
## Reporting a Vulnerability
16
+
17
+
We take security issues seriously and appreciate your efforts to responsibly disclose vulnerabilities.
18
+
19
+
To report a security vulnerability:
20
+
21
+
1.**Use our GitHub Security Advisory**:
22
+
- Navigate to the [Django Unicorn repository](https://github.com/adamghill/django-unicorn).
23
+
- Go to the **Security** tab and click **Report a vulnerability**.
24
+
2.**Responsible Disclosure**:
25
+
- Do not publicly disclose the vulnerability until we have had a chance to investigate and provide a fix.
26
+
- We aim to respond to security reports within **48 hours** and provide a resolution within **7-14 days**.
27
+
28
+
---
29
+
30
+
## Acknowledgments
31
+
32
+
We appreciate the contributions of security researchers and developers who help us make Django Unicorn secure. Thank you for your support in keeping this project safe and reliable.
0 commit comments