Red Hat Bugzilla – Bug 223539
Security fix for Django auth system
Last modified: 2007-11-30 17:11:53 EST
A bug in Django's AuthenticationMiddleware was discovered and patched after the 0.95 release; this bug
can cause apparent "caching" of the value of request.user between requests, possibly resulting in
inappropriate access when a user is perceived to be "logged in" as someone else.
This was fixed in revision 3754 of Django trunk, and that changeset applies cleanly to stock Django
Django 0.95.1 has been built on the build servers and awaits signing