Django Weblog: Django is now a CVE Numbering Authority (CNA)

The Django Software Foundation has been authorized as a CVE Numbering Authority (CNA). This allows Django to autonomously assign CVE IDs to vulnerabilities in Django. The security team handles vulnerability reports and will now publish information about vulnerabilities as a CNA. Each CNA is responsible for vulnerability identification and publishing within their scope. Reporting a vulnerability to Django remains unchanged, using the security@djangoproject.com email. The CNA operations are managed by the existing security team and Django Fellows. Natalia Bidart initiated the CNA application process for Django. More information about Django's CNA activities can be found on the CNA page. Questions and feedback about Django as a CNA are welcome on the Django forum. This new role enhances Django's security management and response capabilities. The President and Vice President of the foundation support the CNA activities.