
Ryan Butterfield

#39555 of 53,633
6.9 Total CVSS
Vulnerabilities · 1
PT-2015-7744
6.9
2015-11-24
Django Software Foundation · Django · CVE-2015-8213
**Name of the Vulnerable Software and Affected Versions**

- Django versions 1.7.x before 1.7.11
- Django versions 1.8.x before 1.8.7
- Django versions 1.9.x before 1.9rc2

**Description**

The issue allows remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by the `SECRET_KEY`. This occurs due to a problem in the `get_format` function in `utils/formats.py`.

**Recommendations**

- For Django versions 1.7.x before 1.7.11, update to version 1.7.11 or later.
- For Django versions 1.8.x before 1.8.7, update to version 1.8.7 or later.
- For Django versions 1.9.x before 1.9rc2, update to version 1.9rc2 or later.