Even in my own work ... with a small number of projects, I'm supporting a number of different django versions. This works acceptably well in different jails to contain the software strangeness, but I've recently had to build ports by hand that depend on django to source the correct major version. ... anyways... I mentioned this in PR 219713 and koobs@FreeBSD.org also said that's what was needed.
over to www/py-django's maintainer.
I have some work-in-progress that implements this. I'll post a review this evening.
Review posted at https://reviews.freebsd.org/D12592
Can we try an exp run with the latest diff from D12592?
This is becoming more urgent. django-11 is marked as vulnerable and yet it is the only version for dependant ports. We might as well not have any django dependant ports if this is the case.