Comment 1 for bug 1862999

Ghada Khalil (gkhalil) wrote :

From Al Bailey:
StarlingX ships with python2-django-1.11.20

This vulnerability warning is for Django 1.11 before 1.11.28, which allows SQL injection.

So this issue applies to us.

However, we are currently locked to the “stein” upper constraints, which pin Django to 1.11.20:
https://github.com/openstack/requirements/blob/stable/stein/upper-constraints.txt#L419

Train locks to 1.11.24, but that would also have this CVE violation:
https://github.com/openstack/requirements/blob/stable/train/upper-constraints.txt#L507
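As an added example (not part of this bug report and not StarlingX or OpenStack code), the following script shows how to check a pinned Django version in an upper-constraints file against the range stated above (1.11 series, fixed in 1.11.28). The constraint lines in `SAMPLE_STEIN` are constructed in the style of upper-constraints.txt for illustration; they are not copied from the stein or train files linked above, and the `;marker` handling is an assumption about that format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the style of an OpenStack upper-constraints.txt.
# Not the real stein/train contents; the python_version markers are assumed.
SAMPLE_STEIN = """\
# constructed sample, not the real file
Django===1.11.20;python_version=='2.7'
Django===2.1.7;python_version=='3.6'
djangorestframework===3.9.1
"""

# name===version, optionally followed by ';environment marker'
_CONSTRAINT_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9_.\-]+)\s*===\s*"
    r"(?P<version>[0-9][0-9A-Za-z.]*)\s*(?:;\s*(?P<marker>.*?))?\s*$"
)


def normalize(name: str) -> str:
    """PEP 503 style normalisation so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric release tuple; stops at the first non-numeric segment.
    Sufficient for Django's X.Y.Z scheme, which is all this check needs."""
    parts: List[int] = []
    for seg in v.split("."):
        if not seg.isdigit():
            break
        parts.append(int(seg))
    return tuple(parts)


def parse_constraints(text: str) -> Dict[str, List[Tuple[str, Optional[str]]]]:
    """Map normalised package name -> [(version, marker_or_None), ...].
    Blank lines, comments and lines that are not '===' pins are ignored."""
    pins: Dict[str, List[Tuple[str, Optional[str]]]] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _CONSTRAINT_RE.match(line)
        if not m:
            continue
        pins.setdefault(normalize(m["name"]), []).append((m["version"], m["marker"]))
    return pins


def is_vulnerable(version: str, affected_series: str, fixed_in: str) -> bool:
    """True if version is in affected_series (e.g. '1.11') and older than fixed_in."""
    v = parse_version(version)
    series = parse_version(affected_series)
    return v[: len(series)] == series and v < parse_version(fixed_in)


def check(text: str, package: str = "Django",
          affected_series: str = "1.11", fixed_in: str = "1.11.28"
          ) -> List[Tuple[str, Optional[str], bool]]:
    """For each pin of `package`, report (version, marker, vulnerable?)."""
    return [
        (ver, marker, is_vulnerable(ver, affected_series, fixed_in))
        for ver, marker in parse_constraints(text).get(normalize(package), [])
    ]


if __name__ == "__main__":
    for ver, marker, vuln in check(SAMPLE_STEIN):
        print(f"Django {ver} ({marker or 'no marker'}): "
              f"{'VULNERABLE' if vuln else 'ok'}")
```

The same `check` call can be pointed at the text of any downloaded upper-constraints.txt; a pin is only flagged when it is in the 1.11 series and below 1.11.28, so a hypothetical 1.11.28 pin or a 2.x pin is reported as ok.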