Security releases - 2.7.2 and 2.8.1

Two security updates for Wagtail have been released - Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch), to address a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface.

For further details on the vulnerability, and a workaround for sites that are not able to update immediately, please see the security advisory on GitHub: CVE-2020-11001

General advice on upgrading can be found in the Wagtail documentation.

About

Features

Who uses Wagtail

Wagtail roadmap

Core team

Contact

Accessibility

Sustainability

Developer documentation

Packages

Wagtail User Guide

Try Wagtail

Get Help

FAQs

Wagtail GitHub

Blog

Slack

Newsletter

Wagtail Space

Code of conduct

Wagtail vs Wordpress

Wagtail vs Drupal

Wagtail AI

Localization & translations

Wagtail services

Sponsor a feature