Upgrade Django version to mitigate security vulnerabilities #522
Comments
Agreed -- upgrading to 1.6.x would be preferable if it's not too painful a jump but at a minimum we should upgrade to 1.4.11 in the next release.
The 1.5.0 and 1.6.0 release notes will indicate any significant changes and considerations for upgrading our codebase from 1.4 -> 1.6:
Am I right in thinking the best way for us to do this is for us to try it out on a demo environment (Test, UAT or a local dev) and run all the tests to pick out the obvious problems, before then doing a more manual deep dive into some of the more obscure corners of RSR - API, donations, widgets etc, to make sure it's all working as planned?
Correct -- I would upgrade to 1.4.11 for now, which will be a minor but critical upgrade so we can at least patch the security vulnerability for the next release. We can then work on the larger task (#328) of upgrading from 1.4 to 1.6 for a later release.
@KasperBrandt -- @mtwestra has been upgrading the Water Compass site from Django 1.3 to 1.6 so he could perhaps provide some guidance and warnings as needed.
Hi Oliver and Kasper, watercompass is not done yet, sanitation compass is
On 29 Apr 2014, at 13:31, Oliver Galloway-Lunn notifications@github.com wrote:
This will be covered in #544
Going to bump the 1.4 version we're using to 1.4.11 or later to at least plug the security vulnerability until the Django 1.7 upgrade work is ready.
… vulnerabilities. See https://www.djangoproject.com/weblog/2014/apr/21/security/ for further details.
[#522] Upgraded to Django 1.4.13 to plug recent security vulnerabilities
Deployed on rsr.akvouat.org -- ready for integration testing.
system performed as expected on UAT - no obvious regression issues
We should upgrade to the latest Django 1.4.11 release to patch known security vulnerabilities in the 1.4.x series: https://www.djangoproject.com/weblog/2014/apr/21/security/