
Interesting that one of the bugs was reported by a Ruby on Rails developer. Nice to see such cooperation between two similar open source products.


Yup, it's not the first time either -- we've coordinated with them in the past when fixing bugs that affect both frameworks (https://www.djangoproject.com/weblog/2011/feb/08/security/).


It's probably out of spite. At an OSS project I worked on previously they'd always hack into competing projects when they trashed the project's security.

If you live in a glass house, don't go around throwing stones.


That's 100% completely wrong. We've worked with Rails' security team in the past to coordinate releases fixing similar issues, and they've helped us out with discovering and analyzing issues of our own.

They're a great group of people and I've got nothing but good things to say about our work together.

Yet another reason why open source is fantastic: friendly competition can actually be friendly. It rocks.


We've hacked into your hearts. ;-)

Django folks I've worked with were extremely smart, helpful, and kind. Likewise I only have great things to say.

<3<3<3<3<3<3


There's a known exploit vector for our hearts, but it's been closed as wontfix!


Perhaps you could try briefly entertaining the thought that there's a modicum of good will between the two projects.


If throwing stones makes the targets do free vulnerability probing in return, why not? :)


Or if there's actually a history of web frameworks doing behind-the-scenes coordination and watching each other's backs... oh wait, that's not as good a gossip narrative. Never mind.



