Looks like the 1.2.2 security release they did earlier this week was a bit rushed, partially because the security issue was reported via the public bug tracker instead of the security contact address.
It's a little worrying that the release is essentially just a fix for patch and package mistakes in 1.2.2. I know that 1.2.2 was a pretty urgent security update, but to re-update it a day later because the patch was broken and you botched the packaging just doesn't fill me with confidence.
10 comments
[ 2.8 ms ] story [ 37.1 ms ] threadhttp://code.djangoproject.com/timeline
Looks like the 1.2.2 security release they did earlier this week was a bit rushed, partially because the security issue was reported via the public bug tracker instead of the security contact address.