Django 5.x — End of Life
Active Medium riskDjango 5.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 5.2LTS | Apr 2, 2025 | Dec 3, 2025 | Apr 30, 2028 | 5.2.15 | Active |
| 5.1 | Aug 7, 2024 | Apr 2, 2025 | Dec 3, 2025 | 5.1.15 | EOL |
| 5.0 | Dec 4, 2023 | Aug 7, 2024 | Apr 2, 2025 | 5.0.14 | EOL |
CVEs affecting Django 5.x (8)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-35192 | MEDIUM | 6.5 | 0.04% | — | 5.2 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session … | May 5, 2026 |
| CVE-2026-5766 | MEDIUM | 5.3 | 0.06% | — | 5.2 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-… | May 5, 2026 |
| CVE-2026-6907 | MEDIUM | 4.3 | 0.04% | — | 5.2 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erron… | May 5, 2026 |
| CVE-2026-48587 | LOW | 3.1 | 0.04% | — | 5.2 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Djan… | Jun 3, 2026 |
| CVE-2026-8404 | LOW | 3.1 | 0.04% | — | 5.2 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware… | Jun 3, 2026 |
| CVE-2026-35193 | LOW | 3.1 | 0.04% | — | 5.2 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware… | Jun 3, 2026 |
| CVE-2026-7666 | LOW | 3.1 | 0.01% | — | 5.2 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` … | Jun 3, 2026 |
| CVE-2026-6873 | LOW | 3.1 | 0.01% | — | 5.2 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in… | Jun 3, 2026 |
Django 5.x will reach end of life — migrate to Django 6.x
Django 6.x is the next major release. Plan your upgrade before Django 5.x stops receiving security patches.
Frequently asked questions
Is Django 5 end of life?
Partially. Some Django 5.x releases have reached EOL. Check the version table above for the exact status of each sub-release.
What CVEs affect Django 5?
There are 8 CVEs tracked for Django 5.x. See the full list above with CVSS and EPSS scores.
What is the latest Django 5 version?
The latest Django 5.x patch release is 5.2.15, released on June 3, 2026. Always run the latest patch to benefit from all security fixes.
How to migrate from Django 5 to Django 6?
To migrate from Django 5 to Django 6: (1) review the official Django 6 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.
Is it safe to run Django 5 in production?
Django 5 is still supported and safe for production use until April 30, 2028. Ensure you are running the latest patch version (5.2.15) to have all security fixes applied.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA