Affects OMERO.web 5.17.0 - 5.19.0
Django security release 3.2.19 is incompatible with OMERO.web 5.17.0 - 5.19.0
Django has just issued a series of security releases and encouraged their users to upgrade as soon as possible. Unfortunately, the security fix includes some backwards incompatible changes which make OMERO.web versions 5.17.0 to the current 5.19.0 unable to start with Django 3.2.19.
The OME team in Dundee as well as Glencoe Software have evaluated the impact of the security issue. We can say with confidence that OMERO.web is not vulnerable as it does not include custom validation that would be bypassed in Django 3.2.18 and earlier.
At the time of writing of this message, there is no security concern associated with running OMERO.web with Django 3.2.18. We are actively working on an imminent release of OMERO.web which will restore compatibility with the Django 3.2 LTS line and allow consumers to upgrade to Django 3.2.19.
For these reasons, we recommend OMERO users do not yet upgrade to the recommended Django releases. We will announce our plans for an updated release of OMERO.web in the near future.
OMERO.web 5.17.0 - 5.19.0
Low severity.
All users should continue to use Django 3.2.18.
© 2005-2024 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2024.04.18