Django 1.8.18 release notes
Django 1.8.18 fixes two security issues in 1.8.17.
Also, if a developer relies on to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()
Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.