Django 2.1.9 release notes

Django 2.1.9 fixes security issues in 2.1.8.

AdminURLFieldWidget now validates the provided value using URLValidator before displaying the clickable link. You may customize the validator by passing a validator_class kwarg to , e.g. when using .

Patched bundled jQuery for CVE-2019-11358: Prototype pollution

The bundled version of jQuery used by the Django admin has been patched to allow for the select2 library’s use of jQuery.extend().