Django released the versions 2.2.4, 2.1.11, and 1.11.23 today, fixing a handful of security issues. You can see their announcement for the list of issues addressed.
We maintain security-hardened builds of Django 1.6.11, the version series we use for Review Board 2.0 through 3.0. We've put out a new Django 1.6.11.8 release that contains these fixes, plus some additional backports from newer releases.
To upgrade to this release, run:
$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.8.tar.gz
Or:
$ easy_install -U http://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.8.tar.gz
You can always keep up on the latest Review Board security announcements by subscribing to our Official Announcements mailing list, joining our Subreddit, or following us on Twitter.