I didn't confirm it but according to the comments at the bottom of https://github.com/django/django/commit/a656a681272f8f3734b6eb38e9a88aa0d91806f1, Django 1.9 and later are affected.
On Thursday, August 23, 2018 at 7:30:51 AM UTC-4, Christophe Dupouy wrote: > > I understand that per your supported versions policy, Django 1.10 and > older are no longer supported. > But can you indicated me if there is an open redirect possibility in > CommonMiddleware of version 1.9.5. > If not affected, I want to avoid to have to find ressources (money and > people) to perform a specific non-regression tests of my solution to > upgrade to django security releases 1.11.15. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9c1bed60-e995-4b93-aade-afef87577fbf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
