I have a Django web application that is using version 1.3.1. However, the newest version of Django is 1.8.5.
I am just wondering if this would be PCI compliant? From a security perspective, it is certainly not a good practice to use a web application that is so far behind. I tried looking on the web, but there is nothing too explicit about this topic.
PCI compliance has a requirement - "Develop and maintain secure system and application."
From @knbk's comment:
"Django 1.3 is unsupported and insecure, and has known vulnerabilities, including XSS attacks, header spoofing, header injection and a bug that can reveal the CSRF token. These issues have been fixed in all supported versions of Django."
There is a very good chance that it will not be PCI compliant because it is not secure.