15 Apr 2020

Security releases - 2.7.2 and 2.8.1

Two security updates for Wagtail have been released - Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch), to address a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface.

For further details on the vulnerability, and a workaround for sites that are not able to update immediately, please see the security advisory on GitHub: CVE-2020-11001

General advice on upgrading can be found in the Wagtail documentation.