DJE-005
Critical
Security
DEBUG=True in production
Error message
Django debug mode enabled in production environment
Running with DEBUG=True in production exposes detailed error pages with stack traces, local variables, settings, and installed apps. This gives attackers a roadmap of your application internals.
config
production
security
Affected versions: >=0.2.0
Solution
Before (problematic)
# settings.py
DEBUG = True # Hardcoded!
After (fixed)
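# settings.py
import os

# Debug is enabled only when DJANGO_DEBUG is the string "true" (any case);
# an unset variable or any other value leaves DEBUG off.
DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"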
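
To catch the "Before" pattern before it ships, a settings file can be scanned in CI for DEBUG bound to a truthy literal. The following is an added example, not part of the original entry or of Django itself; the function name find_hardcoded_debug and the sample settings strings are constructed for illustration.

```python
import ast

# Constructed sample settings modules (not taken from any real project).
HARDCODED = 'SECRET_KEY = "x"\nDEBUG = True  # Hardcoded!\n'
ENV_DRIVEN = (
    'import os\n'
    'DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"\n'
)
CONDITIONAL = 'import sys\nif "test" in sys.argv:\n    DEBUG: bool = 1\n'


def _assigned_names(node):
    """Yield (name, value) pairs for plain and annotated assignments."""
    if isinstance(node, ast.Assign):
        for target in node.targets:
            if isinstance(target, ast.Name):
                yield target.id, node.value
    elif isinstance(node, ast.AnnAssign) and node.value is not None:
        if isinstance(node.target, ast.Name):
            yield node.target.id, node.value


def find_hardcoded_debug(source, filename="settings.py"):
    """Return sorted line numbers where DEBUG is bound to a truthy literal.

    Nested assignments (inside if/try blocks) are included. Values computed
    at runtime, such as an environment lookup, are not literals and are
    therefore not reported.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        for name, value in _assigned_names(node):
            if name == "DEBUG" and isinstance(value, ast.Constant) and value.value:
                findings.append(node.lineno)
    return sorted(findings)


if __name__ == "__main__":
    samples = [("hardcoded", HARDCODED), ("env-driven", ENV_DRIVEN),
               ("conditional", CONDITIONAL)]
    for label, src in samples:
        lines = find_hardcoded_debug(src)
        print(f"{label}: {'FAIL lines ' + str(lines) if lines else 'ok'}")
```

Django's own `python manage.py check --deploy` also reports DEBUG=True (check id security.W018), but it evaluates the loaded settings at runtime rather than the source file.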