We've just put out new, unofficial releases of Django 1.6.11 that contain security fixes backported from the latest versions of Django.
The Django project is no longer maintaining Django 1.6.x, as it has end-of-lifed. However, for many reasons, we're currently dependent on this version. As such, we will be maintaining security releases for Django 1.6.x from here on out, in the form of 1.6.11.x releases.
The latest security releases can always be download here. We will announce new releases on our Official Announcements mailing list and on our community support forum.
To upgrade to Django 184.108.40.206, you can run:
$ sudo easy_install \ -f http://downloads.reviewboard.org/releases/Django/1.6/ \ Django==220.127.116.11
or, using pip:
$ sudo pip install \ -f https://s3.amazonaws.com/downloads.reviewboard.org/releases/Django/1.6/index.html \ Django==18.104.22.168
Unfortunately, due to restrictions in the design of pip, we will not be able to automatically upgrade to these versions of Django in our upcoming releases of Review Board. It will be up to you to handle this for now. We will announce instructions along with the releases.
For information on what's in this security release, see Django's announcement.
Please note that Django 1.6.x is the last version to support Python 2.6.x, which has also end-of-lifed. We will be dropping support for Python 2.6 in Review Board 2.6, so we recommend moving to Python 2.7 at your earliest convenience.