What's new in Django community blogs?

DSF member of the month - Elena Williams

June 17, 2025 » The Django weblog

For June 2025, we welcome Elena Williams as our DSF member of the month! ⭐ Elena is a dedicated member of the Django community. She is part of the Code of Conduct Working Group and she is a Django Girls organizer in Australia. She has been a DSF member since July 2014. You can learn more about Elena by visiting Elena's website and her GitHub Profile. Let’s spend some time getting to know Elena better! Can you tell us a little about yourself (hobbies, education, etc) My background is that I wa…


Django News - New Django Fellow Position! - Jun 13th 2025

June 13, 2025 » Django News

News

DSF calls for applicants for a Django Fellow

DSF invites experienced Django developers to apply for a new Django Fellow position focused on framework maintenance, mentoring, and security oversight. djangoproject.com

Django bugfix releases issued: 5.2.3, 5.1.11, and 4.2.23

Django issues bugfix releases for 5.2.3, 5.1.11, and 4.2.23 to finalize mitigation for potential log injection using safer logging practices. djangoproject…


Django bugfix releases issued: 5.2.3, 5.1.11, and 4.2.23

June 10, 2025 » The Django weblog

Following the June 4, 2025 security release, the Django team is issuing releases for Django 5.2.3, Django 5.1.11, and Django 4.2.23 to complete mitigation for CVE-2025-48432: Potential log injection via unescaped request path (full description). These follow-up releases migrate remaining response logging paths to a safer logging implementation, ensuring that all untrusted input is properly escaped before being written to logs. This update does not introduce a new CVE but strengthens the origina…


Better Django management commands with django-click and django-typer

June 9, 2025 » REVSYS Blog

Writing Django management commands can involve a ton of boilerplate code. But Revsys uses two libraries that cut our management command code in half while making it more readable and powerful: django-click and django-typer.


DSF calls for applicants for a Django Fellow

June 9, 2025 » The Django weblog

The Django Software Foundation is announcing a call for Django Fellow applications. A Django Fellow is a contractor, paid by the Django Software Foundation, who dedicates time to maintain the Django framework. The Fellowship program was started in 2014 as a way to dedicate high-quality and consistent resources to the maintenance of Django. The Django Software Foundation currently supports two Fellows – Natalia Bidart and Sarah Boyce – and has approved funding for a new full-time Fellow. This posi…


Django News - Django security releases issued: 5.2.2, 5.1.10, and 4.2.22 - Jun 6th 2025

June 6, 2025 » Django News

News

Django security releases issued: 5.2.2, 5.1.10, and 4.2.22

Django issues security patches in 5.2.2, 5.1.10, and 4.2.22, resolving a moderate severity log injection vulnerability in internal logging via unescaped request.path. djangoproject.com

Python 3.13.4, 3.12.11, 3.11.13, 3.10.18 and 3.9.23 are now available!

The Python 3.13.4 release includes over 300 bug fixes, and every version of Python has received three security updates. …


Preserving referential integrity with JSON fields and Django

June 4, 2025 » Matthias Kestenholz

Motivation

The great thing about using feincms3 and django-content-editor is that CMS plugins are Django models – if using them you immediately have access to the power of Django’s ORM and Django’s administration interface. However, using one model per content type can be limiting on larger sites. Because of this we like using JSON plugins with schemas for more fringe use cases or for places where we have richer data but do not want t…


Django security releases issued: 5.2.2, 5.1.10, and 4.2.22

June 4, 2025 » The Django weblog

In accordance with our security release policy, the Django team is issuing releases for Django 5.2.2, Django 5.1.10, and Django 4.2.22. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2025-48432: Potential log injection via unescaped request path

Internal HTTP response logging used request.path directly, allowing control characters (e.g. newlines or ANSI escape sequences) to be written unescaped into logs. This cou…


PR #537: Fix Markdown in og descriptions

June 3, 2025 » Simon Willison's Weblog: django

Since OpenAI Codex is now available to us ChatGPT Plus subscribers I decided to try it out against my blog. It's a very nice implementation of the GitHub-connected coding "agent" pattern, as also seen in Google's Jules and Microsoft's Copilot Coding Agent. First I had to configure an environment for it. My Django blog uses PostgreSQL which isn't part of the default Codex container, so I had Claude Sonnet 4 help me come up with a startup recipe to get Pos…


Django News - DjangoCon US Early Bird Tickets - May 30th 2025

May 30, 2025 » Django News

News

Python Release Python 3.14.0b2

Python 3.14.0b2 beta introduces deferred type annotations, t-string templating, improved error messages, and remote debugging support that may influence Django project testing. python.org

Updates to Django

Fixed #35629 -- Added support for async database connections and cursors.

Enhances Django's ORM with asynchronous database connections and low-level cursor support for executing raw SQL queries, …
